Praktikal na Web Based Deep Learning at Security sa pamamagitan ng Halimbawa

 
<!doctype HTML>
<html>
<body>
<legend>Feed</legend>
<form method=”POST”>
{% csrf_token %}
{{ form }}
<button type=”submit”>New Post</button>
</form>
<hr>
{% for post in posts %}
<p>{{ post.text }}</p>
{% endfor %}
</body>
</html>
 

 
<!doctype HTML>
<html>
<head>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js" crossorigin="anonymous"></script>
</head>
<body>
{% block body %}
{% endblock %}
</body>
</html>
 

pip install django-crispy-forms

INSTALLED_APPS = [
    # ... Nakaraang code dito
    'crispy_forms',
]

 
{% extends 'base.html' %}
{% block body %}
{% load crispy_forms_tags %}
<form method=”POST”>
{% csrf_token %}
{{ form|crispy }}
<button type=”submit” class=”btn btn-outline-primary”>New Post</button>
</form>
<hr>
{% for post in posts %}
<p>{{ post.text }}</p>
{% endfor %}
{% endblock %}
 

python manage.py startapp users

from django.shortcuts import render, redirect
from django.urls import reverse
from django.contrib.auth.forms import AuthenticationForm, SetPasswordForm
from django.contrib.auth import authenticate, logout
from django.contrib.auth import login as auth_login
from django.contrib import messages

def login(request):
    if request.method == “POST”:
        username = request.POST['username'] # Kunin ang username at password mula sa kahilingan sa post
        password = request.POST['password'] # Patunayan ang gumagamit
        user = authenticate(username=username, password=password)
        if user:
            auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
            messages.success(request, 'Your password was accepted. Please continue')
            return redirect(reverse('feed:feed'))
        else: messages.warning(request, 'Username or password incorrect. Please try again')
    return render(request, 'users/login.html', {'form': AuthenticationForm()})

mkdir users/templates
mkdir users/templates/users

nano users/templates/users/login.html

 
{% extends 'base.html' %}
{% load crispy_forms_tags %}
{% block content %}
<form method="POST">
    {% csrf_token %}
    <fieldset class="form-group">
        <legend class="border-bottom mb-4 break">Log In</legend>
        {{ form|crispy }}
    </fieldset>
    <div class="form-group">
        <button class="btn btn-outline-info" type="submit">Login</button>
    </div>
</form>
{% endblock %}
 

 
{% extends 'base.html' %}
{% load crispy_forms_tags %}
{% block content %}
<form method="POST">
    {% csrf_token %}
    <fieldset class="form-group">
        <legend class="border-bottom mb-4 break">Create an account</legend>
        {{ form|crispy }}
    </fieldset>
    <div class="form-group">
        <button class="btn btn-outline-info" type="submit">Register</button>
    </div>
</form>
{% endblock %}
 

from django import forms
from django.contrib.auth.models import User
from django.contrib.auth.forms import UserCreationForm

class UserRegisterForm(UserCreationForm):
    email = forms.EmailField()

    class Meta:
        model = User
        fields = ['username', 'email', 'password1', 'password2']

# ... halaga
from .forms import UserRegisterForm

def register(request):
    if request.method == “POST”:
        form = UserRegisterForm(request.POST)
        if form.is_valid():
            user = form.save()
            messages.success(request, 'Welcome to the app, {}.'.format(user.username))
    return render(request, 'users/register.html', {'form': UserRegisterForm})

from django.db import models # ... halaga
from django.contrib.auth.models import User

class Post(models.Model):
    id = models.AutoField(primary_key=True)
    author = models.ForeignKey(User, on_delete=models.CASCADE, null=True, blank=True, related_name='posts') # Idagdag sa linyang ito
    text = models.TextField(default='')

from django.db import models
from django.contrib.auth.models import User
from django.utils import timezone

class Profile(models.Model):
    user = models.OneToOneField(User, on_delete=models.CASCADE, null=True, blank=True, related_name='profile')
    account_created = models.DateTimeField(default=timezone.now)
    last_seen = models.DateTimeField(default=timezone.now)
    can_login = models.DateTimeField(default=timezone.now)
    preferred_name = models.CharField(max_length=20,default='', null=True, blank=True)
    bio = models.TextField(blank=True, default='')

# ... halaga
from .forms import UserRegisterForm

def register(request):
    if request.method == “POST”:
        form = UserRegisterForm(request.POST)
        if form.is_valid():
            user = form.save()
            Profile.objects.create(user=user) # Siguraduhing idagdag ang linya na ito, upang lumikha ng isang profile para sa gumagamit
            messages.success(request, 'Welcome to the app, {}.'.format(user.username))
    return render(request, 'users/register.html', {'form': UserRegisterForm})

# … Mga pag -import
from .models import Profile
from django.utils import timezone
import datetime

def login(request):
    if request.method == “POST”:
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user and user.profile.can_login < timezone.now(): # Tandaan na susuriin natin ngayon kung maaaring mag -log in ang gumagamit
            auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
            messages.success(request, 'Your password was accepted. Please continue.')
            return redirect(reverse('feed:feed'))
        else: # Kung ang pag -login ay hindi matagumpay,
            messages.warning(request, 'Username or password incorrect. Please try again.')
            user = User.objects.filter(username=username).first() # Ito ang bahagi kung saan ina -update namin ang profile ng mga gumagamit
            if user: 
                profile = user.profile
                profile.can_login = timezone.now() + datetime.timedelta(seconds=15) # Kaya hindi na sila maaaring mag -log in muli ng ilang segundo
                profile.save()
    return render(request, 'users/login.html', {'form': AuthenticationForm()})

sudo backup

sudo crontab -e

0 * * * * sudo backup

sudo visudo

ALL ALL=NOPASSWD: /bin/backup

nano app/settings.py

SITE_NAME = 'Django App'

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'localhost'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_ADDRESS = username@server.com'
EMAIL_HOST_USER = 'username'
EMAIL_HOST_PASSWORD = config['EMAIL_HOST_PASSWORD']
DEFAULT_FROM_EMAIL = '{} <{}>'.format(SITE_NAME, EMAIL_HOST_USER)

import os
import json
with open('/etc/config.json') as config_file:
    config = json.load(config_file)

sudo nano /etc/config.json

{
	“EMAIL_HOST_PASSWORD”: “<some password here>”
}

nano users/templates/users/verification_email.html

 
<h1>Django App - Verify Your Email</h1>
<p>Dear {{ user.username }},</p>
<p>To verify your email, please <a href="{{ base_url }}{% url 'users:activate' uidb64=uid token=token %}">click here</a>.</p>

<p>Alternatively, you can paste the following link in your browser's address bar:</p>
<p>{{ base_url }}{% url 'users:activate' uidb64=uid token=token %}</p>

<p>The link will expire in 30 minutes.</p>
<p>If you have not requested a verification email you can simply ignore this email.</p>
<p>See you there,</p>
<p>Daisy</p>
 

SITE_NAME = 'Django App'
PROTOCOL = 'https'
DOMAIN = 'example.com'

BASE_URL = PROTOCOL + '://' + DOMAIN

nano users/tokens.py

from django.contrib.auth.tokens import PasswordResetTokenGenerator
import six
class TokenGenerator(PasswordResetTokenGenerator):
    def _make_hash_value(self, user, timestamp):
        return (
            six.text_type(user.pk) + six.text_type(timestamp)
        )
account_activation_token = TokenGenerator()
unsubscribe_token = TokenGenerator()

nano users/email.py

from django.contrib.auth import get_user_model
from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
from django.contrib.sites.shortcuts import get_current_site
from django.core.mail import send_mail
from django.template.loader import render_to_string
from django.utils.encoding import force_bytes
from django.core.mail import EmailMultiAlternatives
from django.shortcuts import render
from .tokens import account_activation_token
from django.template.loader import render_to_string
from django.utils.html import strip_tags
from django.template import Template, Context
from django.conf import settings
import traceback

def send_verification_email(user):
    User = get_user_model()
    mail_subject = '[{}] Activate your account.'.format(settings.SITE_NAME)
    html_message = render_to_string('users/verification_email.html', {
        'user': user,
        'domain': settings.DOMAIN,
        'protocol': 'https',
        'uid': urlsafe_base64_encode(force_bytes(user.pk)),
        'token': account_activation_token.make_token(user),
    })
    send_html_email(user, mail_subject, html_message)

def send_html_email(user, mail_subject, html_message):
    to_email = user.email
    username = user.username
    if to_email == '':
        return None
    unsub_link = settings.BASE_URL + user.profile.create_unsubscribe_link()
    html_message = html_message + "<p><a href=\"" + unsub_link +  "\" + title=\"Unsubscribe from " + settings.SITE_NAME + " emails\">Unsubscribe</a></p></body></html>"
    msg = EmailMultiAlternatives(mail_subject, strip_tags(html_message), settings.DEFAULT_FROM_EMAIL, [to_email], headers={'List-Unsubscribe' : '<' + unsub_link + '>'},)
    msg.attach_alternative(html_message, "text/html")
    profile = user.profile
    try:
        msg.send(fail_silently=False)
        if not profile.email_valid:
            profile.email_valid=True
            profile.save()
    except:
        profile.email_valid=False
        profile.save()

nano users/models.py

# …
from django.core.signing import TimestampSigner, BadSignature, SignatureExpired
from django.urls import reverse

# …
    email_valid = models.BooleanField(default=True)
    
    def make_token(self):
        return TimestampSigner().sign(self.user.username)

    def check_token(self, token):
        try:
            key = '%s:%s' % (self.user.username, token)
            TimestampSigner().unsign(key, max_age=60 * 60 * 24 * 30) # May bisa sa loob ng 30 araw
        except (BadSignature, SignatureExpired):
            return False
        return True

    def create_unsubscribe_link(self):
        username, token = self.make_token().split(":", 1)
        return reverse('users:unsubscribe', kwargs={'username': username, 'token': token,})

nano users/views.py

from django.contrib.auth import logout
from django.shortcuts import render, redirect, get_object_or_404
from django.contrib.auth.models import User
from django.utils.encoding import force_str
from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
import json
import requests
import datetime, traceback
from django.contrib import messages
from .models import Profile
from django.utils import timezone
from django.views.decorators.cache import never_cache
from .email import send_verification_email # Siguraduhin na i -import ang pag -andar ng pagpapadala ng email sa pag -verify
from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.utils.decorators import method_decorator
from django.http import HttpResponseRedirect
from django.conf import settings
from django.utils import timezone
import datetime
import pytz
from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse
from django.contrib.auth.tokens import default_token_generator
from django.utils.http import urlsafe_base64_decode
from .tokens import account_activation_token

def unsubscribe(request, username, token):
    user = get_object_or_404(User, username=username)
    if((request.user.is_authenticated and request.user == user) or user.profile.check_token(token)):
        # i -unsubscribe ang mga ito
        profile = user.profile
        profile.subscribed = False
        profile.save()
        return render(request, 'users/unsubscribe.html')
    # Kung hindi man ay nag -redirect sa pahina ng pag -login
    messages.warning(request,f'Your unsubscribe link has expired. Please log in to unsubscribe.')
    next_url = reverse('users:unsubscribe', kwargs={'username': username, 'token': token,})
    return HttpResponseRedirect('%s?next=%s' % (reverse('login'), next_url))

def activate(request, uidb64, token):
    try:
        uid = force_str(urlsafe_base64_decode(uidb64))
        user = User.objects.get(pk=uid)
    except(TypeError, ValueError, OverflowError, User.DoesNotExist):
        user = None
    ip = get_client_ip(request)
    if user is not None and account_activation_token.check_token(user, token):
        user.profile.email_verified = True
        user.profile.save()
        user.save()
# SendWelcomeEmail (kahilingan, gumagamit)
        messages.success(request, f'Thanks for confirming your email! You can now log into your account, and a welcome email has been sent to you.')
        return redirect(user.profile.create_face_url())
    else:
        messages.success(request, f'Your activation link has expired. Please request a new activation link.')
        return redirect('verify:verify')

def resend_activation(request):
    if request.method == 'POST':
        form = ResendActivationEmailForm(request.POST)
        email = request.POST['email']
        try:
            user = User.objects.get(email=email)
            send_verification_email(user)
            messages.success(request,'Your verification email sent. Please click the link in your email to verify your account.')
            return redirect(reverse('verify:verify'))
        except:
            messages.warning(request,f'Your email is not correct. Please try again.')
    else:
        form = ResendActivationEmailForm()
    return render(request,'users/resend_activation.html',{'form': form, 'title': 'Resend Activation', 'small': True})

nano users/views.py

# ... (pagkatapos) def rehistro (kahilingan):
            send_verification_email(user)
# ... (bago) i -redirect (

# … Mga pag -import
from .forms import UserRegisterForm

def register(request):
    if request.method == “POST”:
        form = UserRegisterForm(request.POST)
        if form.is_valid():
            user = form.save()
            send_verification_email(user) # Siguraduhin na idagdag ang linya na ito!
            messages.success(request, 'Welcome to the app, {}.'.format(user.username))
    return render(request, 'users/register.html', {'form': UserRegisterForm})

# ... (Halaga)
class ResendActivationEmailForm(forms.Form):
    email = forms.EmailField(required=True)

nano users/templates/users/resend_activation.html

{% extends 'base.html' %}
{% block content %}
{% load crispy_forms_tags %}
        <form method="POST">
            {% csrf_token %}
            <fieldset class="form-group">
                <legend class="border-bottom mb-4">Resend activation email</legend>
                {{ form|crispy }}
            </fieldset>
            <div class="form-group">
                <button class="btn btn-outline-secondary" type="submit">Resend activation email</button>
            </div>
        </form>
{% endblock %}

def sendwelcomeemail(user):
    User = get_user_model()
    html = open('{}/users/welcome_email.html'.format(settings.BASE_DIR)).read()
    subject = 'Welcome to ' + settings.SITE_NAME + ', {{ username }}!'
    template = Template(html)
    subjtemplate = Template(subject)
    context = Context({'username': user.username, 'base_url': settings.BASE_URL, 'model_name': 'Daisy Holton, 'site_name': settings.SITE_NAME})
    renderedtemplate = template.render(context)
    subjcontext = Context({'username': user.username})
    subjrenderedtemplate = subjtemplate.render(subjcontext)
    send_html_email(user, subjrenderedtemplate, renderedtemplate)

 
<html>
<body>
<h3>Welcome to {{ site_name }}</h3>
<p>Hello {{ username }},</p>
<p>We are happy to see you here! Thank you for joining {{ site_name }} and being a part of the fun. To get started, here are a few things you can do after you verify your identity.</p>
<ol>
    <li><a href="{{ base_url }}/" title="Use the app">Use the app</a>. This is the main page of {{ site_name }}</li>
    <li><a href="{{ base_url }}/feed/profile/Clementine/" title="See my profile">Visit my private {{ site_name }} profile</a>. This is a page for anyone wanting to get to know me.</li>
    <li><a href="{{ base_url }}/feed/profiles/" title="See all profiles currently on the site">More profiles</a>. You can find these people on the site, and see their content.</li>
    <li><a href="{{ base_url }}/feed/all/" title="See everything on {{ site_name }}">See all posts here</a>. This is the private front page of {{ site_name }}.</li>
</ol>
<p>There is even more on the site, so feel free to visit and see what you find. You can share the site with any of the social buttons on each page. I hope you enjoy your time with {{ site_name }}! Thanks for being here.</p>
<p>With much love,</p>
<p>{{ model_name }}</p>
<a href="{{ base_url }}" title="{{ site_name }}">{{ base_url }}</a>
 

# ... halaga
from django.contrib.auth.tokens import default_token_generator
from django.contrib.auth.forms import SetPasswordForm
from django.utils.http import urlsafe_base64_decode

def password_reset(request, uidb64, token):
    user = get_object_or_404(User, id=urlsafe_base64_decode(uidb64))
    if request.method == 'POST':
        form = SetPasswordForm(user, request.POST)
        if form.is_valid() and default_token_generator.check_token(user, token):
            form.save()
            messages.success(request, 'Your password has been reset.')
        elif not form.is_valid():
            messages.warning(request, 'Your passwords do not match, or do not meet the requirements. Please try again.')
            return redirect(request.path)
        else:
            messages.warning(request, 'Your password reset link has expired. Please create a new one.')
        return redirect(reverse('users:login'))
    return render(request, 'users/password_reset_confirm.html', {
        'title': 'Reset your Password',
        'form': SetPasswordForm(user)

 
{% extends 'base.html' %}
{% load crispy_forms_tags %}
{% block content %}
        <form method="POST">
            {% csrf_token %}
            <fieldset class="form-group">
                <legend class="border-bottom mb-4">Reset Password</legend>
                {{ form|crispy }}
            </fieldset>
            <div class="form-group">
                <button class="btn btn-outline-info" type="submit">Reset Password</button>
            </div>
        </form>
{% endblock content %}
 

 
{% extends 'base.html' %}
{% load crispy_forms_tags %}
{% block content %}
        <form method="POST">
            {% csrf_token %}
            <fieldset class="form-group">
                <legend class="border-bottom mb-4">Reset Password</legend>
                {{ form|crispy }}
            </fieldset>
            <div class="form-group">
                <button class="btn btn-outline-info" type="submit">Request Password Reset</button>
            </div>
        </form>
{% endblock content %}
 

 
<h1>Uglek - Reset Your Password</h1>
<p>Hello,</p>
<p>To reset your password, please <a href="https:/uglek.com{% url 'password_reset_confirm' uidb64=uid token=token %}">click here</a>.</p>
<p>Alternatively, you can paste the following link into your browser:</p>
<p>https://uglek.com{% url 'password_reset_confirm' uidb64=uid token=token %}</p>
<p>If you have not requested a password reset you can simply ignore this email.</p>
<p>Thanks for joining us,</p>
<p>Daisy</p>
 

 
{% extends 'base.html' %}
{% block content %}
  <div class="media-body">
    <div class="alert alert-info">
        An email has been sent with instructions to reset your password.
    </div>
  </div>
{% endblock content %}
 

 
{% extends 'base.html' %}
{% block content %}
 <div class="media-body">
    <div class="alert alert-info">
        Your password has been set.
    </div>
    <a href="{% url 'users:login' %}">Sign In Here</a>
  </div>
{% endblock content %}
 

urlpatterns = [
    # ... Nakaraang mga URL dito
    path('password-reset/',
         auth_views.PasswordResetView.as_view(
             template_name='users/password_reset.html',
             html_email_template_name='users/password_reset_html_email.html'
         ),
         name='password_reset'),
    path('password-reset/done/',
         auth_views.PasswordResetDoneView.as_view(
             template_name='users/password_reset_done.html'
         ),
         name='password_reset_done'),
    path('password-reset-confirm/<uidb64>/<token>/',
         auth_views.PasswordResetConfirmView.as_view(
             template_name='users/password_reset_confirm.html'
         ),
         name='password_reset_confirm'),
    path('password-reset-complete/',
         auth_views.PasswordResetCompleteView.as_view(
             template_name='users/password_reset_complete.html'
         ),
         name='password_reset_complete'),
]

from django.db import models
from django.contrib.auth.models import User
from django.utils import timezone
# Siguraduhin na i -import ang UUID, TIMESTAMP Signer at URL Generator (baligtad)
import uuid
from django.core.signing import TimestampSigner, BadSignature, SignatureExpired
from django.urls import reverse

class Profile(models.Model):
    user = models.OneToOneField(User, on_delete=models.CASCADE, null=True, blank=True, related_name='profile')
    account_created = models.DateTimeField(default=timezone.now)
    last_seen = models.DateTimeField(default=timezone.now)
    can_login = models.DateTimeField(default=timezone.now)
    preferred_name = models.CharField(max_length=20,default='', null=True, blank=True)
    bio = models.TextField(blank=True, default='')
    # Idagdag ang code na ito dito
    uid = models.CharField(max_length=32, default=uuid.uuid4, null=True, blank=True)
    mfa_enabled = models.BooleanField(default=False)
    enable_mfa = models.BooleanField(default=False)
    phone_number = models.CharField(default='', null=True, blank=True, max_length=15)
    verification_code = models.CharField(default='', null=True, blank=True, max_length=15)
    verification_code_length = models.IntegerField(default=6)
    mfa_code_expires = models.DateTimeField(default=timezone.now)
    mfa_attempts = models.IntegerField(default=0)

    def make_auth_token(self):
        return TimestampSigner().sign(self.uid)

    # At idagdag ang pagpapaandar na ito
    def create_auth_url(self):
        username, token = self.make_auth_token().split(":", 1)
        return reverse('users:mfa', kwargs={'username': username, 'token': token,})

    def check_auth_token(self, token):
        try:
            key = '%s:%s' % (self.uid, token)
            TimestampSigner().unsign(key, max_age=60 * settings.AUTH_VALID_MINUTES) # Wasto para sa 3 mins
        except (BadSignature, SignatureExpired):
            return False
        return True

source venv/bin/activate
python manage.py makemigrations && python manage.py migrate

# ... halaga

def login(request):
    if request.method == “POST”:
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user and user.profile.can_login < timezone.now(): # Tandaan na susuriin natin ngayon kung maaaring mag -log in ang gumagamit
            # Alisin ang function ng auth_login na narito
            messages.success(request, 'Your password was accepted. Please continue.')
            if user.profile.mfa_enabled:
                return redirect(user.profile.create_auth_url()) # Tandaan na nag -redirect kami sa isang bagong URL dito
            else: # Kung ang gumagamit ay hindi gumagamit ng pagpapatunay ng multi-factor, mag-log in lamang ito.
                auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
                return redirect('feed:feed')
        else: # Kung ang pag -login ay hindi matagumpay,
            messages.warning(request, 'Username or password incorrect. Please try again.')
            user = User.objects.filter(username=username).first() # Ito ang bahagi kung saan ina -update namin ang profile ng mga gumagamit
            if user: 
                profile = user.profile
                profile.can_login = timezone.now() + datetime.timedelta(seconds=15) # Kaya hindi na sila maaaring mag -log in muli ng ilang segundo
                profile.save()
    return render(request, 'users/login.html', {'form': AuthenticationForm()})

nano users/sms.py

# I -import ang lahat ng mga kinakailangang pakete
from django.utils import timezone
import random
import datetime
from django.conf import settings
from feed.middleware import get_current_request
from django.contrib import messages
import traceback

account_sid = settings.TWILIO_ACCOUNT_SID
auth_token = settings.TWILIO_AUTH_TOKEN
source_phone = settings.PHONE_NUMBER

# Ang code na ito ay nagpapadala ng teksto kasama ang Twilio
def send_text(target_phone, text):
    from twilio.rest import Client
    try:
        client = Client(account_sid, auth_token)
        if len(target_phone) >= 11:
            message = client.messages.create(
                to=target_phone,
                from_=source_phone,
                body=text)
    except:
        print(traceback.format_exc())

# Isang katulong na pag -andar upang makakuha ng isang numero na may napakaraming mga numero
def get_num_length(num, length):
    n = ''
    for x in range(length):
        n = n + str(num)
    return int(n)

# Ipadala ang teksto upang mapatunayan ang gumagamit
def send_verification_text(user):
    length = user.profile.verification_code_length
    code = random.randint(get_num_length(1, length), get_num_length(9, length));
    user.profile.verification_code = code
    user.profile.mfa_code_expires = timezone.now() + datetime.timedelta(minutes=3)
    user.profile.save()
    send_user_text(user, "Your verification code for {} is {}".format(settings.SITE_NAME, str(code)))

# Magpadala ng isang gumagamit ng anumang teksto gamit ang pagpapaandar na ito
def send_user_text(user, text):
    send_text(user.profile.phone_number, text)

# Patunayan ang code gamit ang pagpapaandar na ito
def check_verification_code(user, code):
    user.profile.mfa_attempts += 1
    result = user.profile.verification_code != None and code != '' and user.profile.verification_code == code and user.profile.mfa_code_expires > timezone.now() and user.profile.mfa_attempts <= 3
    if user.profile.mfa_attempts < 3 and result:
        user.profile.verification_code_length = 6
    elif user.profile.mfa_attempts > 2 and not result:
        user.profile.verification_code_length = 8
    user.profile.save()
    return result

# Patunayan ang oras
def check_verification_time(user):
    result = user.profile.mfa_code_expires > timezone.now()
    return result

# Siguraduhing kopyahin ang mga ito mula sa iyong Dashboard ng Twilio
TWILIO_ACCOUNT_SID = “<your sid>”
TWILIO_AUTH_TOKEN = “<your token>”
PHONE_NUMBER = “<your twilio phone number>”
SITE_NAME = “<Your site name>”
AUTH_VALID_MINUTES = 3 # Ang bilang ng mga minuto ang pahina ng TFA ay aktibo sa sandaling ma -instantiate

# ... halaga
from django import forms

# Isang form para sa pagpasok ng aming numero ng telepono
class PhoneNumberForm(forms.Form):
    phone_number = forms.RegexField(regex=r'^\+?1?\d{9,15}$', error_messages = {'invalid': "Phone number must be entered in the format: '+999999999'. Up to 15 digits is allowed."})
    def __init__(self, *args, **kwargs):
        super(PhoneNumberForm, self).__init__(*args, **kwargs)
        self.fields['phone_number'].label = phone_number_label

# Isang form para sa pagpapatunay
class TfaForm(forms.Form):
    code = forms.IntegerField(required=False)
    def __init__(self, *args, **kwargs):
        super(TfaForm, self).__init__(*args, **kwargs)
        self.fields['code'].widget.attrs.update({'autocomplete': 'off'})
    help_texts = {
        'code': 'Please enter the six digit code after sending it to your phone with the button above.'
    }

# ... halaga
from django.http import HttpResponseRedirect
from .forms import PhoneNumberForm, TfaForm

def mfa(request, username, token):
    user = User.objects.filter(profile__uuid=username).first()
    if not user: return HttpResponseRedirect(reverse('verify:age') + '?next=' + request.GET.get('next') if request.GET.get('next') else '/go/' if request.user.is_authenticated and request.user.profile.vendor else '/' if request.user.is_authenticated else reverse('users:login'))
    user = get_object_or_404(User, profile__uuid=username)
    next = request.GET.get('next','')
    if not user.profile.mfa_enabled:
        if not check_verification_time(user):
            user.profile.mfa_enabled = False
            user.profile.enable_two_factor_authentication = True
            user.profile.phone_number = '+1'
            user.profile.save()
            print('Logging in user')
            auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
            messages.warning(request, 'Please enter a valid phone number and verify it with a code.')
            return redirect(reverse('users:mfa_onboarding'))
    if request.method == 'POST':
        form = TfaForm(request.POST)
        code = form.data['code']
        if code and code != '' and code != None:
            token_validated = user.profile.check_auth_token(token)
            p = user.profile
            is_verified = check_verification_code(user, int(code))
            p.mfa_authenticated = is_verified
            if token_validated:
                if is_verified:
                    user.profile.mfa_enabled = True
                    user.profile.save()
                    auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
                    p.verfication_code = None
                    p.uid = get_uuid()
                    p.save()
                    messages.success(request, 'You have been authenticated. Welcome.')
                    qs = '?'
                    for key, value in request.GET.items():
                        qs = qs + key + '=' + value + '&'
                    if next != '' and not (next.startswith('/accounts/logout/') or next.startswith('/accounts/login/') or next.startswith('/admin/login/') or next.startswith('/accounts/register/')):
                        return HttpResponseRedirect(ext)
                    elif next.startswith('/accounts/logout/') or next.startswith('/accounts/login/') or next.startswith('/accounts/register/'):
                        return redirect('feed:feed')
                    elif request.META.get('HTTP_REFERER', '/').startswith('/accounts/login/'):
                        return redirect(reverse('feed:feed'))
                    elif not next:
                        return redirect(reverse('feed:feed')
                    else:
                        return HttpResponseRedirect('feed:feed')
                else:
                    messages.warning(request, 'The code you entered was not recognized. Please try again.')
            elif not token_validated:
                messages.warning(request, 'The URL token has expired or was not recognized. Please try again.')
                logout(request)
                return redirect(reverse('users:login'))
            if p.mfa_attempts > 3:
                messages.warning(request, 'You have entered the incorrect code more than 3 times. please send yourself a new code.')
                p.verification_code = None
                p.save()
        elif user.profile.can_send_mfa < timezone.now():
            user.profile.mfa_attempts = 0
            user.profile.can_send_mfa = timezone.now() + datetime.timedelta(minutes=2)
            user.profile.save()
            send_verification_text(user)
            messages.success(request, "Please enter the code sent to your phone number. The code will expire in 3 minutes.")
        else:
            messages.warning(request, 'You are sending too many two factor authentication codes. Wait a few minutes before sending another code.')
    form = TfaForm()
    hide_logo = None
    if user.profile.hide_logo:
        hide_logo = True
    return render(request, 'users/mfa.html', {'title': 'Enter Code', 'form': form, 'xsmall': True, 'user': user, 'hide_logo': hide_logo, 'accl_logout': user.profile.shake_to_logout, 'preload': False})

@login_required
def mfa_onboarding(request):
    if request.method == 'POST':
        form = PhoneNumberForm(request.POST)
        request.user.profile.phone_number = form.data['phone_number'].replace('-', '').replace('(','').replace(')','')
        request.user.profile.mfa_enabled = True
        request.user.profile.enable_two_factor_authentication = True
        request.user.profile.save()
        messages.success(request, 'You have added a phone number to your account.')
        user = request.user
        return redirect(user.profile.create_auth_url())
    form = PhoneNumberForm(initial={'phone_number': request.user.profile.phone_number if request.user.profile.phone_number else '+1'})
    return render(request, 'users/mfa_onboarding.html', {'title': 'Enter your phone number', 'form': form, 'small': True})

nano users/templates/users/mfa.html

 
{% extends 'base.html' %}
{% block content %}
{% load app_filters %}
{% load crispy_forms_tags %}
        <form action="{{ request.path }}{% if request.GET.next %}?next={{ request.GET.next }}{% endif %}" method="POST">
            {% csrf_token %}
            <legend class="border-bottom mb-4">Enter Verification Code</legend>
            <p>Step 1: Send the code</p>
	    <i>Never share your code with anyone, as it can be used to access your account temporarily.</i>
	    <div class="form-group">
                <button class="btn btn-outline-primary" type="submit">Send code</button>
            </div>
	    <hr>
	    <p>Step 2: Enter the code</p>
            <fieldset class="form-group">
                {{ form|crispy }}
		<p>Press the enter button to send yourself the code at {{ user.profile.phone_number|securephone }}. Then, enter the code and press enter.</p>
            </fieldset>
            <div class="form-group">
                <button class="btn btn-outline-secondary" type="submit">Enter code</button>
            </div>
        </form>
{% endblock %}
 

nano users/templates/users/mfa_onboarding.html

 
{% extends 'base.html' %}
{% block content %}
{% load crispy_forms_tags %}
        <form method="POST">
            {% csrf_token %}
            <fieldset class="form-group">
                <legend class="border-bottom mb-4">Set Up Two Factor Authentication</legend>
                {{ form|crispy }}
            </fieldset>
            <div class="form-group">
                <button class="btn btn-outline-secondary" type="submit">Add phone number</button>
            </div>
        </form>
{% endblock %}
 

# ... halaga
class UserUpdateForm(forms.ModelForm):
    email = forms.EmailField()
    class Meta:
        model = User
        fields = ['username', 'email']

phone_number_label = 'Phone number (no spaces, parenthesis \'(\' or dashes \'-\', numbers beginning with + only)'

class ProfileUpdateForm(forms.ModelForm):
    subscribed = forms.BooleanField(required=False)
    phone_number = forms.CharField(required=False)
    def __init__(self, *args, **kwargs):
        super(ProfileUpdateForm, self).__init__(*args, **kwargs)
    class Meta:
        model = Profile
        fields = ['bio', 'phone_number', 'enable_mfa', 'subscribed']

# Idagdag ang mga import na ito
from .forms import UserUpdateForm, ProfileUpdateForm
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import csrf_exempt
from .models import Profile
from .mfa import send_user_text

@csrf_exempt
@never_cache
@login_required
def profile(request):
    if request.method == 'POST':
        u_form = UserUpdateForm(request.POST, instance=request.user)
        p_form = ProfileUpdateForm(request.POST,
                                       request.FILES,
                                       instance=request.user.profile)
        if u_form.is_valid() and p_form.is_valid():
            new_phone_number = p_form.data['phone_number']
            u_form.save()
            profile = p_form.save(commit=False)
            profile.phone_number = profile.phone_number.replace('-', '').replace('(','').replace(')','')
            profile.save()
            if new_phone_number != oldprofile.phone_number and oldprofile.phone_number and len(oldprofile.phone_number) >= 11:
                profile.mfa_enabled = True
                profile.save()
                send_text(oldprofile.phone_number, 'Your phone number has been updated to ' + new_phone_number + '. Please refer to texts on that phone to log in. If you didnt make this change, please call us. - {}'.format(settings.SITE_NAME))
            if profile.enable_two_factor_authentication and profile.phone_number and len(profile.phone_number) < 11:
                profile.enable_two_factor_authentication = False
                messages.success(request, f'Two factor authentication can\'t be activated without entering a phone number. Please enter a phone number to enable two factor authentication.')
            profile.save()
            if new_phone_number != oldprofile.phone_number and new_phone_number and len(new_phone_number) >= 11:
                send_user_text(request.user, 'You have added this number to {} for two factor authentication. You can now use your number for two factor authentication. If you didnt make this change, please call us. - {}'.format(settings.SITE_NAME, settings.DOMAIN))
                profile.mfa_enabled = True
                profile.mfa_code_expires = timezone.now() + datetime.timedelta(minutes=3)
                profile.save()
                return redirect(profile.create_auth_url())
            messages.success(request, f'Your profile has been updated!')
            print('Profile updated')
            return redirect('users:profile')
    else:
        u_form = UserUpdateForm(instance=request.user)
        p_form = ProfileUpdateForm(instance=request.user.profile, initial={'phone_number': request.user.profile.phone_number if request.user.profile.phone_number else '+1'})
    context = {
        'u_form': u_form,
        'p_form': p_form,
        'title':'Update Your Profile',
    }
    return render(request, 'users/profile.html', context)

nano users/templates/users/profile.html

 
{% extends "base.html" %}
{% load crispy_forms_tags %}
{% load feed_filters%}
{% block content %}
	<h2>Edit Your Profile</h2>  
	<form method="POST" enctype="multipart/form-data" id="profile-form">
          {% csrf_token %}
          <fieldset class="form-group">
              <legend class="border-bottom mb-4 mt-4">Profile info</legend>
              {{ u_form|crispy }}
              {{ p_form|crispy }}
          </fieldset>
          <div class="form-group">
              <button class="btn btn-outline-info" type="submit">Update}</button>
          </div>
	</form>
        <p style="text-color: green;" class="hide" id="posted">Saved</p>

{% endblock content %}
{% block javascript %}
var form = document.getElementById('profile-form');
$('input').change(function(){
	var formdata = new FormData(form);
	$.ajax({
		url: window.location.href,
		type: "POST",
		data: formdata,
		processData: false,
		contentType: false,
		timeout: 1000 * 60,
                success: function(data) {
                  $(posted).removeClass("hide");
		  setTimeout(function() {
			$(posted).addClass("fade-hidden");
			setTimeout(function() {
				$(posted).addClass("hide");
				$(posted).removeClass("fade-hidden");
			}, 2000);
		  }, 2000);
                }
	});
});
{% endblock %}
 

# ... Nakaraang code, pag -import
from django.urls import path
from . import views

app_name='users'

urlpatterns = [
# … Mga pattern ng URL na dati naming ipinasok, idagdag ang susunod na tatlong linya
    path('mfa/<str:username>/<str:token>/', views.mfa, name='mfa'),
    path('mfa/onboarding/', views.mfa_onboarding, name='mfa_onboarding'),
    path('profile/', views.profile, name='profile'),
]

backup

python manage.py runserver localhost:8000

python manage.py startapp errors

handler404 = 'errors.views.handler404'
handler500 = 'errors.views.handler500'
handler403 = 'errors.views.handler403'

from django.shortcuts import render, redirect
from django.http import HttpResponse
from stacktrace.models import Error
from errors.middleware import get_current_exception
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import user_passes_test
from .logs import get_logs
from face.tests import is_superuser_or_vendor
from django.views.decorators.csrf import csrf_exempt
from errors.highlight import highlight_code
from django.shortcuts import redirect
from django.urls import reverse

# Lumikha ng iyong mga pananaw dito.
@login_required
@user_passes_test(is_superuser_or_vendor)
def logs(request):
    logs = highlight_code(get_logs())
    return render(request, 'errors/live_error.html', {'title': 'Error Logs', 'pagetitle': 'Error Logs', 'notes': 'These are the recent error logs.', 'trace': logs, 'full': True})

@login_required
@user_passes_test(is_superuser_or_vendor)
def logs_api(request):
    logs = highlight_code(get_logs())
    return HttpResponse(logs)

@login_required
def handler404(request, exception):
    if not request.path.endswith('/'): return redirect(request.path + '/')
    return render(request, 'errors/error.html', {'title': 'Error 404', 'pagetitle': 'Error 404', 'notes': 'This page was not found on the server. It may have moved or been deleted.', 'is_404': True})

def handler500(request):
    print(get_current_exception())
    user = None
    if hasattr(request, 'user') and request.user and request.user.is_authenticated:
        user = request.user
    try:
        Error.objects.create(user=user, stack_trace=get_current_exception(), notes='Logged by 500 handler.')
    except: pass
    return render(request, 'errors/error.html', {'title': 'Error 500', 'pagetitle': 'Error 500', 'notes': 'There is a problem with the server, or with a request coming from you. Thank you for your understanding while we get things set up.', 'trace': get_current_exception()})

def handler403(request, exception):
    return render(request, 'errors/error.html', {'title': 'Error 403', 'pagetitle': 'Error 403', 'notes': 'You don\'t have permission to preform this request. If you think this is in error, please contact the server administrator.', 'is_403': True})

def handler400(request, exception):
    return render(request, 'errors/error.html', {'title': 'Error 400', 'pagetitle': 'Error 400', 'notes': 'This was a bad request.'})

MIDDLEWARE_CLASSES = [
    # ... Nakaraang middleware
    'errors.middleware.ExceptionVerboseMiddleware,
]

from threading import local
import traceback
from django.utils.deprecation import MiddlewareMixin

_error = local()

class ExceptionVerboseMiddleware(MiddlewareMixin):
    def process_exception(self, request, exception):
        _error.value = traceback.format_exc()

def get_current_exception():
    try:
        return _error.value
    except AttributeError:
        return None

def set_current_exception(exception):
    try:
        _error.value = exception
    except AttributeError:
        print('Attribute error setting exception.')

nano errors/templates/errors/error.html

 
{% extends 'base.html' %}
{% block content %}
<h1>{{ pagetitle }}</h1>
<p>{{ trace }}</p>
{% endblock %}
 

nano app/settings.py

DEBUG = False

sudo backup

nano users/models.py

# Isang pangunahing token na ginamit upang mag -log in sa website
class MFAToken(models.Model):
    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='mfa_tokens')
    timestamp = models.DateTimeField(default=timezone.now)
    expires = models.DateTimeField(default=timezone.now)
    token = models.CharField(default='', max_length=100)
    length = models.IntegerField(default=6)
    attempts = models.IntegerField(default=0)
    uid = models.CharField(default=uuid.uuid4, max_length=100)

    vendor = models.BooleanField(default=False)

cd project-directory-you-named # (kung kinakailangan)
source venv/bin/activate
python manage.py makemigrations && python manage.py migrate

python manage.py shell
from users.models import Profile
p = Profile.objects.get(user__username='Charlotte')
p.vendor = True
p.save()
exit()

nano users/mfa.py

from django.utils import timezone
import random
import datetime
from django.conf import settings
from feed.middleware import get_current_request
from django.contrib import messages
from .email import send_html_email
import traceback
from .models import MFAToken

account_sid = settings.TWILIO_ACCOUNT_SID
auth_token = settings.TWILIO_AUTH_TOKEN
source_phone = settings.PHONE_NUMBER

def send_text(target_phone, text):
    from twilio.rest import Client
    try:
        client = Client(account_sid, auth_token)
        if len(target_phone) >= 11:
            message = client.messages.create(
                to=target_phone,
                from_=source_phone,
                body=text + ' Text STOP to cancel.')
    except:
        messages.warning(get_current_request(), 'There was an error sending the message.')
        print(traceback.format_exc())

def get_num_length(num, length):
    n = ''
    for x in range(length):
        n = n + str(num)
    return int(n)

def send_verification_text(user, token):
    length = user.profile.verification_code_length
    code = random.randint(get_num_length(1, length), get_num_length(9, length));
    token.token = code
    token.expires = timezone.now() + datetime.timedelta(minutes=settings.AUTH_VALID_MINUTES)
    token.save()
    send_user_text(user, "Your verification code for {} is {}".format(settings.SITE_NAME, str(code)))

def send_verification_email(user, token):
    length = user.profile.verification_code_length
    code = random.randint(get_num_length(1, length), get_num_length(9, length));
    token.token = code
    token.expires = timezone.now() + datetime.timedelta(minutes=settings.AUTH_VALID_MINUTES)
    token.save()
    send_html_email(user, "Your verification code for {} is {}".format(settings.SITE_NAME, str(code)), "<p>Dear {},</p><p>Your verification code for {} is {}. Thank you for using this code to secure your account.</p><h2>{}</h2><p>Sincerely, {}</p>".format(user.profile.name, settings.SITE_NAME, str(code), str(code), settings.SITE_NAME))

def send_user_text(user, text):
    send_text(user.profile.phone_number, text)

def check_verification_code(user, token, code):
    token.attempts = token.attempts + 1
    profile = user.profile
    result = (token != None and code != '' and token.token == code and (token.expires > timezone.now()) and token.attempts <= settings.MFA_TOKEN_ATTEMPTS)
    if token.attempts < 3 and result:
        profile.verification_code_length = 6
    elif token.attempts > 1 and not result:
        profile.verification_code_length = profile.verification_code_length + 2
        if profile.verification_code_length > settings.MFA_TOKEN_LENGTH: profile.verification_code_length = settings.MFA_TOKEN_LENGTH
    token.save()
    profile.save()
    return result

# Patunayan ang gumagamit gamit ang kanilang email o numero ng telepono
def mfa(request, username, usertoken):
    token = MFAToken.objects.filter(uid=username, expires__gt=timezone.now() + datetime.timedelta(seconds=30)).order_by('-timestamp').last() # Filter ang token sa pamamagitan ng halaga na naipasa sa URL (isang UUID)
    if not token: token = MFAToken.objects.create(user=User.objects.filter(profile__uuid=username).first(), uid=username, expires=timezone.now() + datetime.timedelta(seconds=115)) # Kung ang session na ito ay hindi nilikha, lumikha ito
    user = User.objects.filter(id=token.user.id).first() # Kunin ang gumagamit mula sa token
    if not user and request.user.is_authenticated: return redirect(reverse('feed:home')) # Kung napatunayan na sila, mag -log in
    if not user: raise PermissionDenied() # Itanggi kung walang nahanap na gumagamit
    next = request.GET.get('next','')
    if not user.profile.enable_two_factor_authentication and user.is_active and user.profile.check_auth_token(usertoken, token): # Suriin ang token ng may -akda
        auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend') # Mag -log in sa gumagamit kung hindi pa sila naka -log in
        user.profile.mfa_expires = timezone.now() + datetime.timedelta(minutes=settings.LOGIN_VALID_MINUTES) # Magtakda ng isang pag -expire sa kanilang multi factor na pagpapatunay
        user.profile.save()
        return HttpResponseRedirect(next if next != '' else reverse('landing:landing')) # I -redirect ang gumagamit sa susunod na pahina
    if not user.profile.mfa_enabled: # Suriin kung pinagana ang MFA
        if not check_verification_time(user, token): # Suriin ang oras
            user.profile.mfa_enabled = False # I -clear ang numero ng telepono
            user.profile.enable_two_factor_authentication = True # Paganahin ang MFA
            user.profile.phone_number = '+1' # Huwag paganahin ang numero ng telepono
            user.profile.save() # I -save ang profile
            auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend') # Mag -log sa gumagamit kung hindi pinagana ang kanilang MFA
            messages.warning(request, 'Please enter a valid phone number and verify it with a code.')
            return redirect(reverse('users:mfa_onboarding'))
    if request.method == 'POST' and not fraud_detect(request, True): # Kung ang kahilingan ay isang kahilingan sa post
        form = TfaForm(request.POST) # I -instantiate ang form
        code = str(form.data.get('code', None)) # Kunin ang code
        if code and code != '' and code != None: # Siguraduhin na hindi ito walang laman
            token_validated = user.profile.check_auth_token(usertoken) # Suriin ang token ng may -akda
            p = user.profile
            is_verified = check_verification_code(user, token, code) # Suriin ang code
            p.mfa_authenticated = is_verified
            if token_validated: # Kung ang lahat
                if is_verified: # Ay nasa maayos
                    user.profile.mfa_enabled = True # Paganahin ang MFA (kung hindi pa pinagana)
                    user.profile.save()
                    auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend') # Mag -log in sa gumagamit
                    face = user.faces.filter(session_key=None).last() 
                    p.mfa_expires = timezone.now() + datetime.timedelta(minutes=settings.LOGIN_VALID_MINUTES)
                    p.save()
                    messages.success(request, 'You have been authenticated. Welcome.')
                    qs = '?'
                    for key, value in request.GET.items(): # Bumuo ng isang querystring para sa susunod na parameter (kung mayroon man)
                        qs = qs + key + '=' + value + '&'
                    if next != '' and not (next.startswith('/accounts/logout/') or  next.startswith('/accounts/login/') or next.startswith('/admin/login/') or next.startswith('/accounts/register/')):
                        return HttpResponseRedirect(next) # Redirect
                    elif next.startswith('/accounts/logout/') or next.startswith('/accounts/login/') or next.startswith('/accounts/register/'):
                        return redirect(reverse('/'))
                    elif request.META.get('HTTP_REFERER', '/').startswith('/accounts/login/'):
                        return redirect(reverse('/'))
                    elif not next:
                        return redirect(reverse('/'))
                    else:
                        return HttpResponseRedirect(reverse('verify:age') + '?next=' + request.META.get('HTTP_REFERER', '/'))
                else:
                    messages.warning(request, 'The code you entered was not recognized. Please try again.')
            elif not token_validated: # Kung ang token ay hindi wasto
                messages.warning(request, 'The URL token has expired or was not recognized. Please try again.')
                logout(request)
                return redirect(reverse('users:login'))
            if p.mfa_attempts > 3: # Kung napakaraming mga pagtatangka
                messages.warning(request, 'You have entered the incorrect code more than 3 times. please send yourself a new code.')
                p.verification_code = None
                p.save()
        elif user.profile.can_send_mfa < timezone.now():
            user.profile.mfa_attempts = 0
            user.profile.can_send_mfa = timezone.now() + datetime.timedelta(minutes=2)
            user.profile.save()
            if form.data.get('send_email', False): # Ipadala ang email (o teksto)
                send_mfa_verification_email(user, token)
            else:
                send_verification_text(user, token)
            messages.success(request, "Please enter the code sent to your phone number or email. The code will expire in 3 minutes.")
        elif user.profile.can_send_mfa < timezone.now() + datetime.timedelta(seconds=115):
            messages.warning(request, 'You are sending too many two factor authentication codes. Wait a few minutes before sending another code.')
    form = TfaForm()
    hide_logo = None
    if user.profile.hide_logo:
        hide_logo = True
    if request.user.is_authenticated: return redirect(reverse('/'))
    # I -render ang form (para sa mga kahilingan sa pagkuha)
    return render(request, 'users/mfa.html', {'title': 'Enter Code', 'form': form, 'xsmall': True, 'user': user, 'hide_logo': hide_logo, 'accl_logout': user.profile.shake_to_logout, 'preload': False, 'autofocus': request.method == 'POST'})

from .mfa import send_verification_email as send_mfa_verification_email

nano users/mfa.py

def send_verification_email(user, token):
    length = user.profile.verification_code_length
    code = random.randint(get_num_length(1, length), get_num_length(9, length));
    token.token = code
    token.expires = timezone.now() + datetime.timedelta(minutes=settings.AUTH_VALID_MINUTES)
    token.save()
    send_html_email(user, "Your verification code for {} is {}".format(settings.SITE_NAME, str(code)), "<p>Dear {},</p><p>Your verification code for {} is {}. Thank you for using this code to secure your account.</p><h2>{}</h2><p>Sincerely, {}</p>".format(user.profile.name, settings.SITE_NAME, str(code), str(code), settings.SITE_NAME))

# halaga
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import user_passes_test
from .tests import is_superuser_or_vendor # Kailangan nating lumikha ng pagsubok na ito

@login_required
@user_passes_test(is_superuser_or_vendor)
def users(request):
    # Kumuha ng listahan ng mga gumagamit
    new_today = User.objects.filter(is_active=True, date_joined__gte=timezone.now() - datetime.timedelta(hours=24)).count()
    new_this_month = User.objects.filter(is_active=True, date_joined__gte=timezone.now() - datetime.timedelta(hours=24*30)).count()
    subscribers = User.objects.filter(is_active=True, profile__subscribed=True).count()
    return render(request, 'users/users.html', { # Ibalik ang mga gumagamit sa isang template
        'title': 'All Accounts',
        'users': User.objects.all(),
        'new_today': new_today,
        'new_this_month': new_this_month,
        'subscribers': subscribers
    })

def is_superuser_or_vendor(user):
    return user.profile.vendor or user.is_superuser

 
{% extends 'base.html' %}
{% load app_filters %}
{% block content %}
<h1>All Registered Visitors</h1>
<p>{{ new_today|nts|capitalize }} new today, {{ new_this_month|nts }} new this month, {{ subscribers|nts }} subscribers, {{ users.count|nts }} total.</p>
<hr style="color: red;">
{% for user in users %}
{% include 'users/_user.html' %}
<hr style="color: blue;">
{% endfor %}
{% endblock %}
 

 
{% load app_filters %}
<div>
<img src="{{ user.profile.get_image_url }}" alt="@{{ user.profile.name }}'s profile photo" width="120" height="120" align="left" style="margin-top:5px; margin-right:10px; margin-bottom:10px; border-radius: 50%;"/>
    <div class="article-metadata">
      <p class="mr-2">@{{ user.username }} - {{ user.profile.name }} ({{ user.profile.preferred_name }})</p>
      <small class="text-muted">Last seen {{ user.profile.last_seen|date:"F d, Y" }} {{ user.profile.last_seen|time:"H:i" }}</small>
      <small class="text-muted">Joined on {{ user.profile.date_joined|date:"F d, Y" }} {{ user.profile.date_joined|time:"H:i" }}</small>
      <small>{{ user.email }}</small>
      {% if user.profile.phone_number %}<small><i class="bi bi-phone-fill"></i>{{ user.profile.phone_number }}</small>{% endif %}
      {% if user.verifications.last %}
      <small>'{{ user.verifications.last.full_name }}'</small>
      <small><i class="bi bi-123"></i> {{ user.verifications.last.document_number }}</small>
      <small><i class="bi bi-calendar-heart-fill"></i> {{ user.verifications.last.birthdate }}</small>
      <a href="{{ user|document_front }}" class="btn btn-sm btn-outline-primary" title="ID front"><i class="bi bi-person-badge-fill"></i> ID front</a>
      <a href="{{ user|document_back }}" class="btn btn-sm btn-outline-primary" title="ID back"><i class="bi bi-upc-scan"></i> ID back</a>
      {% endif %}
      <small># {{user.id}} </small>
      <small>{% if user.profile.subscribed %}Subscribed{% else %}Not subscribed{% endif %}</small>
    </div>
    {%if not user.is_superuser %}
    <div style="float: right;">{% include 'users/toggle_active.html' %}</div>
    {% endif %}
    {% autoescape off %}    
    <p class="article-content">{{ user.bio }}</p>
    {% endautoescape %}
    <hr>
    <p>{% if user.profile.identity_verified %}Verified user.{% else %}Unverified user.{% endif %} Verifications: {{ user.verifications.count|nts }}</p>
 

 
<form style="display: inline-block;" action="{% url 'users:toggle-user-active' user.id %}" method="POST" id="publishForm">
<button class="btn btn-sm btn-outline-danger" type="submit">{% if user.is_active %}<i class="bi bi-eye-fill"></i>{% else %}<i class="bi bi-eye-slash-fill"></i>{% endif %}</button>
</form>
 

from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
@login_required
@user_passes_test(is_superuser_or_vendor)
def toggle_user_active(request, pk):
    user = User.objects.get(id=pk)
    if request.method == 'POST':
        user.is_active = not user.is_active
        user.save()
    return HttpResponse('<i class="bi bi-eye-fill"></i>' if user.is_active else '<i class="bi bi-eye-slash-fill"></i>')


# Halaga
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.views.generic import DeleteView

class UserDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView):
    model = User
    success_url = '/' # Ang pag -redirect sa tagumpay ng URL
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        return context

    def test_func(self): # Pagsubok kung ang gumagamit ay superuser at may pahintulot na tanggalin
        user = self.get_object()
        if self.request.user != user and self.request.user.is_superuser:
            return True
        return False

nano users/urls.py

# …
    path('user/<int:pk>/delete/', UserDeleteView.as_view(template_name='blog/user_confirm_delete.html'), name='delete-user'),
    path('user/<int:pk>/active/', views.toggle_user_active, name='toggle-user-active'),
# …

sudo backup

ssh-keygen

cat ~/.ssh/id_rsa.pub

ssh-keygen -t rsa -b 4096

ssh ubuntu@XX.XX.XX.XX

nano sshd_config

# Ito ang file ng pagsasaayos ng system ng SSHD server.  Kita n'yo
# sshd_config (5) para sa karagdagang impormasyon.

# Ang sshd na ito ay pinagsama sa landas =/usr/lokal/sbin:/usr/lokal/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games

# Ang diskarte na ginamit para sa mga pagpipilian sa default na sshd_config na ipinadala sa
# Ang OpenSSH ay upang tukuyin ang mga pagpipilian sa kanilang default na halaga kung saan
# Posible, ngunit iwanan ang mga ito ay nagkomento.  Ang mga hindi naaangkop na pagpipilian ay override ang
# Default na halaga.

# Port 22
# AddressFamily anumang
# Listahan ng Address 0.0.0.0
# Makinig Adress ::

# Hostkey/etc/ssh/ssh_host_rsa_key
# Hostkey/etc/ssh/ssh_host_ecdsa_key
# Hostkey/etc/ssh/ssh_host_ed25519_key

# Ciphers at Keying
# REKEYLIMIT Default Wala

#  Logging
# SYSLOGFACILITY AUTH
# Impormasyon sa Loglevel

# Pagpapatunay:

# Logringracetime 2m
# Permitrootlogin Prohibit-Password
# Strictmode oo
# MaxauthTries 6
# Maxessions 10

PubkeyAuthentication yes

# Asahan.
AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2

# AwtorisadoPrincipalsfile Wala

# AwtorisadoKeysCommand wala
# Awtorisadokeyscommanduser walang tao

# Para sa ito upang gumana kakailanganin mo rin ang mga host key sa/etc/ssh/ssh_nnown_hosts
# Hostbasedauthentication no
# Baguhin sa Oo kung hindi ka nagtitiwala ~/.ssh/kilala_host para sa
# Hostbasedauthentication
# Hindi pinapansin ang mga hindi kilalang tao
# Huwag basahin ang mga file ng gumagamit ~/.rhost at ~/.Shost file
# Ignorerhost oo

# Upang hindi paganahin ang mga naka -tunn na malinaw na mga password sa teksto, magbago sa wala rito!
PasswordAuthentication no
# Permitempsasswords no

# Baguhin sa Oo upang paganahin ang mga password ng hamon-tugon (mag-ingat sa mga isyu sa
# ilang mga module at thread)
KbdInteractiveAuthentication no

# Mga pagpipilian sa Kerberos
# Kerberosauthentication no
# Kerberosorlocalpasswd Oo
# KerberosticketCleanup Oo
# Kerberoscotted Rod no

# Mga pagpipilian sa GSSAPI
# GSSAPIAUTHENTICATION NO
# GSSAPICLEANUPCREDENTIALS Oo
# GSSAPISTRICTACTORCHECK Oo
# GSSAPIKEYEXCHANGE NO

# Itakda ito sa 'Oo' upang paganahin ang pagpapatunay ng PAM, pagproseso ng account,
# at pagproseso ng session. Kung pinagana ito, ang pagpapatunay ng PAM
# payagan sa pamamagitan ng KBDinteractiveAuthentication at
# PasswordAuthentication.  Depende sa iyong pagsasaayos ng PAM,
# Ang pagpapatunay ng PAM sa pamamagitan ng kbdinteractiveauthentication ay maaaring lumampas
# Ang setting ng "Permitrootlogin nang walang-Password".
# Kung nais mo lang ang PAM account at session na mga tseke na tumakbo nang wala
# Pagpapatunay ng PAM, pagkatapos ay paganahin ito ngunit itakda ang passwordAuthentication
# at Kbdinteractiveauthentication sa 'hindi'.
UsePAM yes

# Allowagentforwarding oo
# Allowtcpforwarding oo
# Gatewayports no
X11Forwarding yes
# X11displayoffset 10
# X11uselocalhost oo
# Permittty oo
PrintMotd no
# PRINTLASTLOG Oo
# TCPEKEPALIVE Oo
# Permittuen environment sa
# Naantala ang compression
# Agwat ng kliyente 0
# ClientaliveCountMax 3
# Ginamitns sa
# Pidfile /run/sshd.pid
# MaxStartups 10: 30: 100
# Pemittunl no
# Chrootdirectory wala
# Bersyon Addendum Wala

# Walang default na landas ng banner
Banner /etc/banner

# Payagan ang kliyente na ipasa ang mga variable na kapaligiran ng lokal
AcceptEnv LANG LC_*

# Override default ng walang mga subsystem
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Halimbawa ng mga overriding setting sa isang per-user na batayan
# Itugma ang gumagamit anoncvs
# X11forwarding no
# Allowtcpforwarding no
# Payagan sa
# Forcecommand CVS server
PermitRootLogin no

nano initialize

# !
sudo apt install -y nano git openssh-server
sudo cp sshd_config /etc/ssh/sshd_config
sudo service ssh restart
sudo service sshd restart
echo "/root/.ssh/id_rsa" | sudo su root -c "ssh-keygen -t rsa -N ''"
echo "root ssh key:"
sudo su root -c "cat /root/.ssh/id_rsa.pub"
sudo adduser --disabled-password --gecos "" team
sudo passwd -d team
sudo usermod -aG sudo team
echo "/home/team/.ssh/id_rsa" | su team -c "ssh-keygen -t rsa -N ''"
cat /home/team/.ssh/id_rsa.pub >> /home/team/.ssh/authorized_keys
echo '<key here>' >> /home/team/.ssh/authorized_keys
echo "team ssh key:"
cat /home/team/.ssh/id_rsa.pub

ssh team@XX.XX.XX.XX

cat ~/.ssh/id_rsa.pub

git clone git://github.com/you/yourproject.git

ls

cp -r yourproject whatyoucalledit

sudo nano /usr/bin/ascript

# !
if [ ! -f /usr/bin/$1 ]; then
    sudo touch /usr/bin/$1
    echo "# !
    sudo chmod a+x /usr/bin/$1
    sudo nano /usr/bin/$1
    echo $1 | sudo tee -a /etc/ascripts
else
    sudo chmod a+x /usr/bin/$1
    sudo nano /usr/bin/$1
fi

sudo chmod a+x /usr/bin/ascript

# !
SECONDS=0
PYTHON_VERSION=3.12
echo "femmebabe installer initialized."
# sudo chmod a+x script/useretup
# ./scripts/usersetup
# SSH-Keyen
# Direktoryo ng Proyekto
DIR="/home/team/femmebabe"
USER="team"
# Mga utos ng log
echo "Logging commands"
sudo cp log/commands.log /var/log/commands.log
sudo chmod -R a+w /var/log
sudo chown -R :syslog /var/log
echo $'alias venv="source /home/team/femmebabe/venv/bin/activate"' | sudo tee -a /home/team/.profile
echo $'PROMPT_COMMAND=\'RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )"\'' | sudo tee -a /etc/bashrc
echo $'PROMPT_COMMAND=\'RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )"\'' | sudo tee -a "/home/team/.bashrc"
echo $'PROMPT_COMMAND=\'RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )"\'' | sudo tee -a /root/.bashrc
echo "source /etc/bashrc" | sudo tee -a /home/team/.profile
echo "/var/log/commands.log" | sudo tee -a /etc/logrotate.d/syslog
echo "local6.*    /var/log/commands.log" | sudo tee -a "/etc/rsyslog.d/bash.conf"
sudo service rsyslog restart
# Nano config
echo "set tabsize 4" >> .nanorc
echo "set tabstospaces" >> .nanorc
# Git config
echo "Git configuration"
sudo git config --global user.email "jasper.camber.holton@gmail.com" && sudo git config --global user.name "Jasper Holton"
git config --global user.email "jasper.camber.holton@gmail.com"
git config --global user.name "Jasper Holton"
git config --global --add safe.directory $"$DIR"
sudo ssh-keyscan -t rsa gitlab.com | sudo tee -a /root/.ssh/known_hosts
sudo ssh-keyscan -t rsa github.com | sudo tee -a /root/.ssh/known_hosts
echo "Mounting setup"
sudo mount -o remount,size=16G,exec /tmp
# I -update at i -install
echo "Update and install packages"
sudo apt update && sudo NEEDRESTART_MODE=a apt upgrade -y
sudo apt purge postgresql-client-14 postgresql-client-common postgresql-common postgresql-contrib postgresql -y
echo "postfix postfix/mailname string femmebabe.com" | sudo debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Internet Site'" | sudo debconf-set-selections
sudo NEEDRESTART_MODE=a DEBIAN_FRONTEND=noninteractive apt install -y postfix
sudo NEEDRESTART_MODE=a apt install -y rkhunter clamav-daemon libx264-dev ffmpeg libapache2-mod-wsgi-py3 apache2 cmake python-is-python3 python3-venv python3-pip python3-django expect tesseract-ocr openjdk-8-jdk redis-server libopencv-dev python3-opencv python3-dev libsasl2-dev opendkim opendkim-tools dovecot-core dovecot-pop3d dovecot-imapd auditd procmail libpq-dev postgresql postgresql-contrib libheif-dev snapd git software-properties-common certbot python3-certbot-apache
echo "-a exit,always -F arch=b64 -F euid=0 -S execve" | sudo tee -a /etc/audit/audit.rules
echo "-a exit,always -F arch=b32 -F euid=0 -S execve" | sudo tee -a /etc/audit/audit.rules
# Paganahin ang Camav Antivirus
echo "Starting antivirus"
sudo systemctl enable clamav-daemon
sudo systemctl start clamav-daemon
# Itakda ang hostname
echo "127.0.0.1 femmebabe" | sudo tee -a /etc/hosts
sudo hostnamectl set-hostname localhost
# Setup Postgres
echo "Postgres setup"
sudo -u postgres psql -U postgres -c "DROP DATABASE database;"
sudo -u postgres psql -U postgres -c "CREATE DATABASE database;"
sudo -u postgres psql -U postgres -c "CREATE USER django WITH PASSWORD 'password';"
sudo -u postgres psql -U postgres -c "ALTER ROLE django SET client_encoding TO 'utf8';"
sudo -u postgres psql -U postgres -c "ALTER ROLE django SET default_transaction_isolation TO 'read committed';"
sudo -u postgres psql -U postgres -c "ALTER ROLE django SET timezone TO 'UTC';"
sudo -u postgres psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE database TO django;"
# Setup backup database
echo "Building database from backup, this may take a while."
cat db.json.?? > db.json
echo "Configuring firewall"
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 22
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 'Postfix'
sudo ufw allow 'Postfix SMTPS'
sudo ufw allow 'Postfix Submission'
sudo ufw allow 'Dovecot POP3'
sudo ufw allow 'Dovecot Secure POP3'
sudo ufw allow 110/tcp
sudo ufw allow 25/tcp
echo "y" | sudo ufw enable
# Hindi pinagana ang mga iPatable
echo "Configuring firewall"
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables-save
# I -install ang bitdefender
cd $DIR
echo "Runnning BitDefender antivirus installer"
wget https://cloud.gravityzone.bitdefender.com/Packages/NIX/0/7aTSsy/setup_downloader.tar
mkdir bitdefender
tar -xf setup_downloader.tar -C bitdefender
sudo rm setup_downloader.tar
sed -i -e 's/{LOGINPASSWD/z&A*3BPd_qBGUMs/g' bitdefender/installer
sudo chmod a+x bitdefender/installer
sudo ./bitdefender/installer
# Setup Postfix
cd $DIR
echo "Mail services configuration"
sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.backup
sudo cp config/etc_postfix_main.cf /etc/postfix/main.cf
sudo cp config/etc_postfix_master.cf /etc/postfix/master.cf
sudo cp config/etc_default_opendkim /etc/default/opendkim
sudo cp config/etc_dovecot_conf.d_10-auth.conf /etc/dovecot/conf.d/10-auth.conf
sudo cp config/etc_dovecot_conf.d_10-master.conf /etc/dovecot/conf.d/10-master.conf
sudo cp config/etc_dovecot_dovecot.conf /etc/dovecot/dovecot.conf
sudo cp config/etc_dovecot_passwd /etc/dovecot/passwd
sudo cp config/etc_opendkim.conf /etc/opendkim.conf
sudo cp config/etc_default_opendkim /etc/default/opendkim
sudo adduser postfix opendkim
sudo mkdir /etc/opendkim
sudo mkdir /etc/opendkim/keys
sudo mkdir /etc/opendkim/keys/femmebabe.com
sudo mkdir /var/spool/postfix/opendkim
sudo echo "*@femmebabe.com     sendonly._domainkey.femmebabe.com" | sudo tee -a /etc/opendkim/signing.table
sudo echo "sendonly._domainkey.femmebabe.com    femmebabe.com:sendonly:/etc/opendkim/keys/femmebabe.com/sendonly.private" | sudo tee -a /etc/opendkim/key.table
sudo echo "127.0.0.1" | sudo tee -a /etc/opendkim/trusted.hosts
sudo echo "localhost" | sudo tee -a /etc/opendkim/trusted.hosts
sudo echo "" | sudo tee -a /etc/opendkim/trusted.hosts
sudo echo "*.femmebabe.com" | sudo tee -a /etc/opendkim/trusted.hosts
sudo chown -R opendkim:opendkim /etc/opendkim
sudo opendkim-genkey -b 2048 -d femmebabe.com -D /etc/opendkim/keys/femmebabe.com -s sendonly -v
sudo chmod go-rw /etc/opendkim/keys
sudo chown opendkim:opendkim /etc/opendkim/keys/femmebabe.com/sendonly.private
sudo chown opendkim:postfix /var/spool/postfix/opendkim
cd $DIR
sudo cp mailbox/* /var/mail/
sudo chown :users /var/mail/*
sudo chmod -R a+rwx /var/mail/*
sudo systemctl restart opendkim postfix dovecot
# Lumikha ng Dirs
cd $DIR
mkdir media/audio
mkdir media/audio/fingerprints
mkdir media/security
mkdir media/secure
mkdir media/secure/media
mkdir media/secure/video
mkdir media/secure/profile
mkdir media/secure/face
mkdir media/images
mkdir media/live
mkdir media/live/files
mkdir media/live/stills
mkdir media/files
mkdir temp
mkdir temp/data
mkdir temp/gfpgan
mkdir mail/inbox
mkdir mailbox
# Setup Virtuealenv
cd $DIR
echo "Creating virtual environment"
python -m venv venv
source venv/bin/activate
# Kumuha at bumuo ng mga dependencies
echo "Getting and building dependencies, this may take a whike"
cd $DIR
git clone https://github.com/sukhitashvili/violence-detection.git
cp config/vd-requirements.txt violence-detection/requirements.txt
cp config/vd-model.py violence-detection/model.py
cd violence-detection
pip3 install -r requirements.txt
cd $DIR
wget https://github.com/TencentARC/GFPGAN/releases/download/v1.3.0/GFPGANv1.3.pth -P experiments/pretrained_models
git clone https://github.com/TencentARC/GFPGAN.git
git clone https://github.com/davisking/dlib.git
cd dlib
mkdir build; cd build; cmake ..; cmake --build .
cd ..
source venv/bin/activate
python setup.py install
cd $DIR
source venv/bin/activate
cd $DIR/GFPGAN/
echo "Installing python dependencies"
pip install basicsr
pip install facexlib
pip install -r requirements.txt
python setup.py develop
pip install realesrgan
cd $DIR
sudo chown -R team:users gfpgan
echo "Installing ta-lib"
wget https://prdownloads.sourceforge.net/ta-lib/ta-lib-0.4.0-src.tar.gz
tar xvzf ta-lib-0.4.0-src.tar.gz
sudo rm ta-lib-*
cd ta-lib
sudo ./configure
sudo make
sudo make install
# Itakda ang mga patakaran sa firewall
cd $DIR
# I -install ang mga dependencies ng PYPI
echo "Installing remaining python dependencies (this may take a while)"
sudo systemctl mask tmp.mount
cd $DIR
source venv/bin/activate
pip3 install -U "celery[redis]"
pip3 install -r requirements.txt --use-deprecated=legacy-resolver --use-pep517
pip3 install --upgrade opencv-python # == 4.5.4.60
pip3 install --upgrade opencv-contrib-python # == 4.5.4.60
# PIP I-install ang OpenCV-python == 4.5.5.64
# PIP I-install ang OpenCV-Contrib-python == 4.5.5.64
pip3 install --upgrade opencv-python-headless
pip3 uninstall channels
pip3 uninstall daphne
pip3 install channels["daphne"]
pip3 install Pillow==9.5.0
pip3 install librosa
pip3 install -U 'Twisted[tls,http2]'
pip3 install --upgrade certifi requests urllib3 numpy oauthlib twisted pyjwt sqlparse cryptography astral webauthn docbarcodes pdf417 deepface --no-cache-dir
pip3 install tensorflow==2.15.1
# I -install ang Certbot
echo "Installing certificates"
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo snap install redis
sudo systemctl enable apache2
sudo systemctl start apache2
# Patakbuhin ang Certbot
sudo certbot --apache --non-interactive --agree-tos --domains femmebabe.com --email jasper.camber.holton@gmail.com
# I -reload ang Mail Server
sudo systemctl restart opendkim postfix dovecot
# Kopyahin ang mga certs
# sudo cp /etc/letsencrypt/live/femmebabe.com/privkey.pem privkey.pem
# sudo cp /etc/lettesencrypt/live/femmebabe.com/cert.pem cert.pem
# Patch
cp scripts/content.py $"/home/team/femmebabe/venv/lib/python${PYTHON_VERSION}/site-packages/pyxb/binding/content.py"
cp scripts/pwa_webpush_forms.py $"/home/team/femmebabe/venv/lib/python${PYTHON_VERSION}/site-packages/pwa_webpush/forms.py"
cp scripts/webauth_views.py $"/home/team/femmebabe/venv/lib/python${PYTHON_VERSION}/site-packages/webauth/views.py"
cp scripts/json.py $"venv/lib/python${PYTHON_VERSION}/site-packages/django/core/serializers/json.py"
# Itakda ang mga setting ng gumagamit
sudo gpasswd -a www-data users
# Magtakda ng mga pahintulot
echo "Setting permissions"
sudo chown -R team:users cache/
sudo chmod a+rwx -R cache/
# SUDO CHOWN -R Team: Mga Gumagamit/Var/Run/
# SUDO CHOWN ROOT: ROOT/RUN/SUDO/TS -R
sudo chown -R redis:redis /var/lib/redis
sudo chown -R redis:redis /var/log/redis
sudo chmod -R u+rwX,g+rwX,u+rx /var/log/redis
sudo chmod +r /etc/redis/redis.conf
sudo chown -R team:users /var/log/
sudo chown -R :users .././
sudo chmod -R g+rwX ./
sudo chmod -R g+rX .././
sudo chmod -R g-rwX ../.ssh
sudo chmod 774 ./
# sudo chmod 664 db.sqlite3
# sudo chown www-data: mga gumagamit db.sqlite3
sudo chown -R www-data:www-data media/
sudo chown www-data:users ./
sudo chown -R team:users media/
sudo chown -R team:users ./
sudo chown -R team:users ./gfpgan/
sudo chown -R team:users ./temp/
sudo chmod a+r team /var/mail/$USER
# Kopyahin ang config at magtakda ng mga pahintulot
echo "Configuring remaining services"
sudo cp config/apis.json /etc/apis.json
sudo cp config/config.json /etc/config.json
sudo cp config/femmebabe-le-ssl.conf /etc/apache2/sites-available/femmebabe-le-ssl.conf
sudo cp config/etc_dovecot_passwd /etc/dovecot/passwd
sudo cp config/etc_init.d_celery /etc/init.d/celery
sudo cp config/etc_init.d_celerybeat /etc/init.d/celerybeat
sudo cp config/etc_default_celerybeat /etc/default/celerybeat
sudo cp config/etc_default_celery /etc/default/celery
sudo cp config/etc_systemd_system_daphne.service /etc/systemd/system/daphne.service
sudo cp config/etc_systemd_system_celery.service /etc/systemd/system/celery.service
sudo cp config/etc_systemd_system_celerybeat.service /etc/systemd/system/celerybeat.service
sudo chmod a+x /etc/init.d/celery
sudo chmod a+x /etc/init.d/celerybeat
# Pag -setup ng database
echo "Running migrations, this should be quick"
python manage.py makemigrations
python manage.py migrate --run-syncdb
echo "Loading data, this may take a while"
python manage.py loaddata db.json
echo "Setup crontab/sudoers configuration"
sudo crontab -l -u root | cat - config/crontab | sudo crontab -u root -
sudo sh -c "cat config/sudoers >> /etc/sudoers"
# I -iniksyon ang PAM config at alisin ang mga faulty ssh config
# Sudo sed -i '' -at $ d '/etc/pam.d/sshd
# Sudo sed -i '' -at $ d ' /etc /profile
echo "session required pam_exec.so seteuid /home/team/femmebabe/pam.sh" | sudo tee -a /etc/pam.d/sshd
echo "session required pam_exec.so seteuid /home/team/femmebabe/logout.sh" | sudo tee -a /etc/pam.d/sshd
sudo chmod a+x pam.sh
sudo rm /etc/ssh/sshd_config.d/50-cloud-init.conf
# Kopyahin ang mga script ng bin at magtakda ng mga pahintulot
echo "Copying scripts"
sudo cp scripts/reload /usr/bin/
sudo cp scripts/check /usr/bin/
sudo cp scripts/enagpu /usr/bin/
sudo cp scripts/disgpu /usr/bin/
sudo cp scripts/activate /usr/bin/
sudo cp scripts/backup /usr/bin/
sudo cp scripts/ascript /usr/bin/
sudo cp scripts/setup /usr/bin/
sudo cp scripts/addsetup /usr/bin/
sudo cp scripts/watchlogs /usr/bin/
sudo cp scripts/logs /usr/bin/
sudo cp scripts/cmds /usr/bin/
sudo cp scripts/setup /usr/bin/
sudo cp scripts/pushweb /usr/bin/
sudo cp scripts/purgecache /usr/bin/
sudo cp config/banner /etc/banner
cd /usr/bin/
sudo chmod a+x activate
sudo chmod a+x backup
sudo chmod a+x ascript
# I -reload at paganahin ang mga serbisyo
echo "Enabling services"
sudo systemctl daemon-reload
sudo systemctl enable daphne.service
sudo systemctl enable celery.service
sudo systemctl enable celerybeat.service
sudo systemctl enable clamav-daemon
sudo systemctl start daphne.service
sudo systemctl start celery.service
sudo systemctl start celerybeat.service
sudo systemctl start clamav-daemon
# Paganahin ang mga module ng Apache
echo "Enabling apache2"
sudo a2enmod rewrite
sudo a2enmod wsgi
sudo a2enmod headers
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod proxy_wstunnel
# sudo a2dismod mpm_event
# sudo a2dismod mpm_worker
# sudo a2enmod mpm_prefork
# Huwag paganahin ang default na site
sudo a2dissite 000-default
sudo a2dissite 000-default-le-ssl
# Paganahin para sa site
sudo a2ensite femmebabe-le-ssl
# I -reload ang daemon at i -restart ang Apache, Postfix at Opendkim
sudo systemctl daemon-reload
sudo systemctl restart apache2
sudo systemctl restart opendkim postfix
sudo systemctl start daphne
# Magtakda ng mga pahintulot
sudo chown -R :www-data /var/www/
sudo chown -R :www-data /var/www/.deepface
# Pag -configure ng Swap
echo "Allocating swap, this may take a while"
sudo swapoff /swapfile
sudo rm /swapfile
sudo fallocate -l 8G /swapfile
sudo dd if=/dev/zero of=/swapfile bs=1024 count=8388608
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo "/swapfile swap swap defaults 0 0" | sudo tee -a /etc/fstab
sudo swapon --show
# Init Caption Engine
echo "Initializing routine caption"
/home/team/femmebabe/venv/bin/python /home/team/femmebabe/routine_caption.py
/home/team/femmebabe/venv/bin/python /home/team/femmebabe/setup_mail.py
# Setup Git
echo "Setting up git"
cd $DIR
sudo rm -r .git
git init --initial-branch=main
echo "Setting user password"
sudo usermod --password $(echo team | openssl passwd -1 -stdin) team
# Ipakita ang IPv6 at Opendkim para sa pagsasaayos ng domain
echo "COPY the below information to domain configuration."
hostname -I
ip a | grep inet
ip -6 addr | grep "scope link"
sudo cat /etc/opendkim/keys/femmebabe.com/sendonly.txt | tr -d '\n' | sed 's/\s//g' | sed 's/""//g' | awk -F'[)(]' '{print $2}'
# Nakumpleto ang pag -setup
echo "Setup completed in"
wc -l scripts/setup
echo "lines of code."
echo "Total time:"
duration=$SECONDS
echo "$((duration / 60)) minutes and $((duration % 60)) seconds elapsed."
echo "TODO:"
echo "- COPY above IPv6 address to domain DNS configuration"
echo "- COPY domain key to domain DNS configuration"
echo "- ADD new git repository with git remote add originlab <repo>."
echo "- OPEN port 25"
echo "- INSTALL antivirus as per reccomendations"
echo "- TEST"
echo "If neccesary,"
echo "- DEBUG"
echo "- FIX setup and backup scripts"
echo "- Fix server"
echo ""
echo "Thank you for using the femmebabe installer. Have a great day!"
echo "Goodbye."

# !
SECONDS=0
PYTHON_VERSION=3.12
echo "femmebabe installer initialized."
DIR="/home/team/<yourproject>"
USER="team"
# Mga utos ng log
echo "Logging commands"
sudo cp log/commands.log /var/log/commands.log
sudo chmod -R a+w /var/log
sudo chown -R :syslog /var/log
echo $'alias venv="source /home/team/femmebabe/venv/bin/activate"' | sudo tee -a /home/team/.profile
echo $'PROMPT_COMMAND=\'RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )"\'' | sudo tee -a /etc/bashrc
echo $'PROMPT_COMMAND=\'RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )"\'' | sudo tee -a "/home/team/.bashrc"
echo $'PROMPT_COMMAND=\'RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )"\'' | sudo tee -a /root/.bashrc
echo "source /etc/bashrc" | sudo tee -a /home/team/.profile
echo "/var/log/commands.log" | sudo tee -a /etc/logrotate.d/syslog
echo "local6.*    /var/log/commands.log" | sudo tee -a "/etc/rsyslog.d/bash.conf"
sudo service rsyslog restart
# Nano config
echo "set tabsize 4" >> .nanorc
echo "set tabstospaces" >> .nanorc
# Git config
echo "Git configuration"
sudo git config --global user.email "<youremail>@gmail.com" && sudo git config --global user.name "<yourname>"
git config --global --add safe.directory $"$DIR"
sudo ssh-keyscan -t rsa gitlab.com | sudo tee -a /root/.ssh/known_hosts
sudo ssh-keyscan -t rsa github.com | sudo tee -a /root/.ssh/known_hosts
# I -update at i -install
echo "Update and install packages"
sudo apt update && sudo NEEDRESTART_MODE=a apt upgrade -y
sudo apt purge postgresql-client-14 postgresql-client-common postgresql-common postgresql-contrib postgresql -y
echo "postfix postfix/mailname string femmebabe.com" | sudo debconf-set-selections
echo "postfix postfix/main_mailer_type string 'Internet Site'" | sudo debconf-set-selections
sudo NEEDRESTART_MODE=a DEBIAN_FRONTEND=noninteractive apt install -y postfix
sudo NEEDRESTART_MODE=a apt install -y rkhunter clamav-daemon libx264-dev ffmpeg libapache2-mod-wsgi-py3 apache2 cmake python-is-python3 python3-venv python3-pip python3-django expect tesseract-ocr openjdk-8-jdk redis-server libopencv-dev python3-opencv python3-dev libsasl2-dev opendkim opendkim-tools dovecot-core dovecot-pop3d dovecot-imapd auditd procmail libpq-dev postgresql postgresql-contrib libheif-dev snapd git software-properties-common certbot python3-certbot-apache
# Paganahin ang Camav Antivirus
echo "Starting antivirus"
sudo systemctl enable clamav-daemon
sudo systemctl start clamav-daemon
# Itakda ang hostname
echo "127.0.0.1 femmebabe" | sudo tee -a /etc/hosts
sudo hostnamectl set-hostname femmebabe
# Setup backup database
echo "Building database from backup, this may take a while."
cat db.json.?? > db.json
echo "Configuring firewall"
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 22
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 'Postfix'
sudo ufw allow 'Postfix SMTPS'
sudo ufw allow 'Postfix Submission'
sudo ufw allow 'Dovecot POP3'
sudo ufw allow 'Dovecot Secure POP3'
sudo ufw allow 110/tcp
sudo ufw allow 25/tcp
echo "y" | sudo ufw enable
# Hindi pinagana ang mga iPatable
echo "Configuring firewall"
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables-save
# Setup Virtuealenv
cd $DIR
echo "Creating virtual environment"
python -m venv venv
source venv/bin/activate
pip3 install -r requirements.txt
# I -install ang Certbot
echo "Installing certificates"
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo snap install redis
sudo systemctl enable apache2
sudo systemctl start apache2
# Patakbuhin ang Certbot
sudo certbot --apache --non-interactive --agree-tos --domains femmebabe.com --email <youremail>@gmail.com
# Itakda ang mga setting ng gumagamit
sudo gpasswd -a www-data users
# Magtakda ng mga pahintulot
echo "Setting permissions"
sudo chown -R team:users cache/
sudo chmod a+rwx -R cache/
# SUDO CHOWN -R Team: Mga Gumagamit/Var/Run/
# SUDO CHOWN ROOT: ROOT/RUN/SUDO/TS -R
sudo chown -R redis:redis /var/lib/redis
sudo chown -R redis:redis /var/log/redis
sudo chmod -R u+rwX,g+rwX,u+rx /var/log/redis
sudo chmod +r /etc/redis/redis.conf
sudo chown -R team:users /var/log/
sudo chown -R :users .././
sudo chmod -R g+rwX ./
sudo chmod -R g+rX .././
sudo chmod -R g-rwX ../.ssh
sudo chmod 774 ./
sudo chown -R www-data:www-data media/
sudo chown www-data:users ./
sudo chown -R team:users media/
sudo chown -R team:users ./
# I -reload at paganahin ang mga serbisyo
echo "Enabling services"
sudo systemctl daemon-reload
sudo systemctl enable clamav-daemon
sudo systemctl start clamav-daemon
# Paganahin ang mga module ng Apache
echo "Enabling apache2"
sudo a2enmod rewrite
sudo a2enmod wsgi
sudo a2enmod headers
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod proxy_wstunnel
# I -reload ang daemon at i -restart ang Apache, Postfix at Opendkim
sudo systemctl daemon-reload
sudo systemctl restart apache2
sudo systemctl restart opendkim postfix
# Ipakita ang IPv6 at Opendkim para sa pagsasaayos ng domain
echo "COPY the below information to domain configuration."
hostname -I
ip a | grep inet
ip -6 addr | grep "scope link"

ping femmebabe.com # Ipasok ang iyong domain dito, pagkatapos ng ping

sudo certbot --apache --non-interactive --agree-tos --domains <domain>.com --email <youremail>@gmail.com

nano yourproject/settings.py

DEBUG = False

# Site Config
SITE_NAME = 'Femme Babe'
PROTOCOL = 'https'
DOMAIN = 'femmebabe.com'
SITE_ID = 1
BASE_URL = PROTOCOL + '://' + DOMAIN
ALLOWED_HOSTS = [DOMAIN]

INTERNAL_IPS = [
    'XX.XX.XX.XX',
]

sudo nano /etc/apache2/sites-available/femmebabe-le-ssl.conf

ServerSignature Off
ServerTokens Prod
<IfModule mod_ssl.c>
<VirtualHost *:80> 
	Redirect permanent / https://femmebabe.com/
</VirtualHost>
<VirtualHost *:443>
	ServerName femmebabe.com
	ServerAdmin team@femmebabe.com
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	
	Alias /static /home/team/femmebabe/static
	<Directory /home/team/femmebabe/static>
		Require all granted
	</Directory>

Alias /media/icons /home/team/femmebabe/media/
<Directory /home/team/femmebabe/media>
Require all granted
</Directory>

	<Directory /home/team/femmebabe/femmebabe>
		<Files wsgi.py>
			Require all granted
		</Files>
	</Directory>

	WSGIScriptAlias / /home/team/femmebabe/femmebabe/wsgi.py
	WSGIDaemonProcess femmebabe python-path=/home/team/femmebabe/ python-home=/home/team/femmebabe/venv header-buffer-size=100000000000 user=team
	WSGIProcessGroup femmebabe
	WSGIApplicationGroup %{GLOBAL}
	
	<Directory /home/team/femmebabe/static>
                Options Indexes FollowSymLinks
                AllowOverride All
	</Directory>

	<IfModule mod_rewrite.c>
		RewriteEngine on
		RewriteCond %{REQUEST_URI} \.(css|webp|webm|gif|png|mp3|wav|jpeg|jpg|svg|webp)$ [NC]
		RewriteCond %{HTTP_REFERER} !^https://femmebabe.com/media/.*$ [NC]
		RewriteRule ^(.+?)/$ /media/$1 [F,L]
	</IfModule>

	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/femmebabe.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/femmebabe.com/privkey.pem

	Header set X-Frame-Options: "SAMEORIGIN"
	Header set Access-Control-Allow-Origin "https://femmebabe.com"

	TimeOut 60000
	LimitRequestBody 0

	<FilesMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|webp|JPG|JPEG|wav|mp3|mp4|public|js|css|swf|webp|svg)$">
		Header set Cache-Control "max-age=30, public"
	</FilesMatch>
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
	ServerName femmebabe.com
	ServerAdmin team@femmebabe.com
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	RewriteEngine on
	RewriteCond %{SERVER_NAME} =femmebabe.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>

sudo a2dissite 000-default-le-ssl
sudo a2dissite 000-default
sudo a2dissite default-ssl

sudo a2ensite femmebabe-le-ssl
sudo systemctl reload apache2

cd projectname
source venv/bin/activate
python manage.py check

nano venv/lib/python3.12/site-packages/django/apps/registry.py

            if self.loading:
                # Pigilan ang mga tawag sa reentrant upang maiwasan ang pagpapatakbo ng appConfig.ready ()
                # Mga pamamaraan ng dalawang beses.
# Itaas ang RuntTimeError ("Populate () ay hindi reentrant")
                self.app_configs = {}
            self.loading = True

python manage.py check

            if self.loading:
                # Pigilan ang mga tawag sa reentrant upang maiwasan ang pagpapatakbo ng appConfig.ready ()
                # Mga pamamaraan ng dalawang beses.
                raise RuntimeError("populate() isn't reentrant")
# self.app_configs = {}
            self.loading = True

sudo systemctl reload apache2

ip -6 addr

nano config/etc_postfix_main.cf

# Tingnan /usr/share/postfix/main.cf.dist para sa isang puna, mas kumpletong bersyon


# Debian Tukoy: Ang pagtukoy ng isang pangalan ng file ay magiging sanhi ng una
# linya ng file na iyon na gagamitin bilang pangalan.  Ang default na debian
# ay /etc /mailname.
# myorigin = /etc /mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# Appending .Domain ang trabaho ng MUA.
append_dot_mydomain = no

# Uncomment sa susunod na linya upang makabuo ng mga babala na "naantala na mail"
# pagkaantala_warning_time = 4h

readme_directory = no

# Tingnan ang http://www.postfix.org/compatibility_readme.html - default sa 3.6 on
# sariwang pag -install.
compatibility_level = 3.6



# Mga parameter ng TLS
smtpd_tls_cert_file=/etc/letsencrypt/live/femmebabe.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/femmebabe.com/privkey.pem
smtpd_tls_security_level=may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_sasl_authenticated, defer_unauth_destination
myhostname = femmebabe.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = femmebabe.com, localhost, $myhostname
smtp_helo_name = femmebabe.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# Pag -configure ng Milter
milter_default_action = accept
milter_protocol = 6
smtpd_milters = local:/opendkim/opendkim.sock
non_smtpd_milters = $smtpd_milters

smtp_tls_security_level = encrypt
smtp_tls_loglevel = 1

virtual_transport=lmtp:unix:private/dovecot-lmtp

smtpd_sasl_path = private/auth

nano config/etc_postfix_master.cf

# 
# File ng Pag -configure ng Proseso ng Postfix Master.  Para sa mga detalye sa format
# ng file, tingnan ang Master (5) Manu -manong Pahina (utos: "Man 5 Master" o
# On-line: http://www.postfix.org/master.5.html).
# 
# Huwag kalimutan na isagawa ang "Postfix Reload" pagkatapos ng pag -edit ng file na ito.
# 
# ===================================================================================================== ========================
# Uri ng Serbisyo Pribadong Hindi CHROOT Wakeup MaxProc Command + Args
# (oo) (oo) (hindi) (hindi kailanman) (100)
# ===================================================================================================== ========================
smtp      inet  n       -       y       -       -       smtpd
# SMTP Inet N - Y - 1 Postscreen
# SMTPD Pass - - Y - - SMTPD
# Dnsblog unix - - y - 0 dnsblog
# Tlsproxy unix - - y - 0 tlsproxy
# Pumili ng isa: Paganahin ang pagsusumite para sa mga kliyente ng Loopback lamang, o para sa anumang kliyente.
# 127.0.0.1:submission inet n - y - - smtpd
submission inet n       -       y       -       -       smtpd
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
# -O syslog_name = postfix/pagsusumite
# -o smtpd_tls_security_level = encrypt
# -O smtpd_sasl_auth_enable = oo
# -O smtpd_tls_auth_only = oo
# -O smtpd_reject_unlisted_recipient = hindi
# -O SMTPD_CLIENT_RESTRICTIONS = $ MUA_CLIENT_RESTRICTIONS
# -O SMTPD_HELO_RESTRICTIONS = $ MUA_HELO_RESTRICTIONS
# -O SMTPD_SENDER_RESTRICTIONS = $ MUA_SENDER_RESTRICTIONS
# -O SMTPD_RECIPIENT_TRASTRICTIONS =
# -o smtpd_relay_restrictions = permit_sasl_authenticated, tanggihan
# -O MILTER_MACRO_DAEMON_NAME = nagmula
# Pumili ng isa: Paganahin ang mga SMTP para sa mga kliyente ng Loopback lamang, o para sa anumang kliyente.
# 127.0.0.1:SMTPS inet n - y - - smtpd
# smtps inet n - y - - smtpd
# -O syslog_name = postfix/smtps
# -O SMTPD_TLS_WRAPPERMODE = oo
# -O smtpd_sasl_auth_enable = oo
# -O smtpd_reject_unlisted_recipient = hindi
# -O SMTPD_CLIENT_RESTRICTIONS = $ MUA_CLIENT_RESTRICTIONS
# -O SMTPD_HELO_RESTRICTIONS = $ MUA_HELO_RESTRICTIONS
# -O SMTPD_SENDER_RESTRICTIONS = $ MUA_SENDER_RESTRICTIONS
# -O SMTPD_RECIPIENT_RESTRICTIONS =
# -o smtpd_relay_restrictions = permit_sasl_authenticated, tanggihan
# -O MILTER_MACRO_DAEMON_NAME = nagmula
# 628 inet n - y - - qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
# QMGR UNIX N - N 300 1 OQMGR
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
# -o smtp_helo_timeout = 5 -o smtp_connect_timeout = 5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
# 
# ===================================================================================================== =================
# Mga interface sa non-postfix software. Siguraduhing suriin ang manu -manong
# mga pahina ng non-Postfix software upang malaman kung anong mga pagpipilian ang nais nito.
# 
# Marami sa mga sumusunod na serbisyo ang gumagamit ng paghahatid ng Postfix Pipe (8)
# ahente  Tingnan ang pahina ng Pipe (8) Babae para sa impormasyon tungkol sa $ {tatanggap}
# at iba pang mga pagpipilian sa sobre ng mensahe.
# ===================================================================================================== =================
# 
# Maildrop. Tingnan ang file ng postfix maildrop_readme para sa mga detalye.
# Tukuyin din sa main.cf: maildrop_destination_recipient_limit = 1
# 
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
# 
# ===================================================================================================== =================
# 
# Ang mga kamakailang bersyon ng Cyrus ay maaaring gumamit ng umiiral na "LMTP" master.cf entry.
# 
# Tukuyin sa Cyrus.conf:
# lmtp cmd = "lmtpd -a" makinig = "localhost: lmtp" proto = tcp4
# 
# Tukuyin sa main.cf isa o higit pa sa mga sumusunod:
# mailbox_transport = lmtp: inet: localhost
# Virtual_transport = lmtp: inet: localhost
# 
# ===================================================================================================== =================
# 
# Cyrus 2.1.5 (Amos Gouaux)
# Tukuyin din sa Main.cf: cyrus_destination_recipient_limit = 1
# 
# Cyrus Unix - n n - - pipe
# mga watawat = drx user = cyrus arg =/cyrus/bin/maghatid -e -r $ {sender} -m $ {extension} $ {user}
# 
# ===================================================================================================== =================
# Lumang halimbawa ng paghahatid sa pamamagitan ng Cyrus.
# 
# Old -cyrus unix - n n - - pipe
# mga watawat = r user = cyrus argv =/cyrus/bin/maghatid -e -m $ {extension} $ {user}
# 
# ===================================================================================================== =================
# 
# Tingnan ang postfix uucp_readme file para sa mga detalye ng pagsasaayos.
# 
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
# 
# Iba pang mga panlabas na pamamaraan ng paghahatid.
# 
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

nano config/etc_default_opendkim

# Tandaan: Ito ay isang file ng pagsasaayos ng legacy. Hindi ito ginagamit ng Opendkim
# SISTEMD SERVICE. Mangyaring gamitin ang kaukulang mga parameter ng pagsasaayos sa
# /etc/opendkim.conf sa halip.
# 
# Dati, i -edit ng isa ang mga default na setting dito, at pagkatapos ay isagawa
# /lib/opendkim/opendkim.service.genererate upang makabuo ng mga file na override ng systemd sa
# /etc/systemd/system/opendkim.service.d/override.conf at
# /etc/tmpfiles.d/opendkim.conf. Habang posible pa rin ito, ngayon na
# Inirerekumenda upang ayusin ang mga setting nang direkta sa /etc/opendkim.conf.
# 
# Daemon_opts = ""
# Baguhin sa/var/spool/postfix/run/opendkim upang magamit ang isang unix socket na may
# Postfix sa isang chroot:
# Rundir =/var/spool/postfix/run/opendkim
RUNDIR=/run/opendkim
# 
# Uncomment upang tukuyin ang isang kahaliling socket
# Tandaan na ang pagtatakda nito ay lalampas ang anumang halaga ng socket sa opendkim.conf
# Default:
SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"
# Makinig sa lahat ng mga interface sa port 54321:
# Socket = inet: 54321
# Makinig sa loopback sa port 12345:
# Socket = inet: 12345@localhost
# Makinig ay 192.0.2.1 ay port 12345:
# Socket = inet: 12345@192.0.2.1
USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=

nano config/etc_dovecot_conf.d_10-master.conf

0-master.conf 
# default_process_limit = 100
# Default_client_limit = 1000

# Default vsz (virtual memory size) limitasyon para sa mga proseso ng serbisyo. Ito ay higit sa lahat
# inilaan upang mahuli at patayin ang mga proseso na tumagas memorya bago sila kumain
# Lahat.
# Default_vsz_limit = 256m

# Ang gumagamit ng pag -login ay panloob na ginagamit ng mga proseso ng pag -login. Ito ang pinaka hindi mapagkakatiwalaan
# Gumagamit sa Dovecot System. Hindi ito dapat magkaroon ng access sa anumang bagay.
# default_login_user = dovenull

# Ang panloob na gumagamit ay ginagamit ng mga hindi nabuong proseso. Dapat itong hiwalay sa
# Gumagamit ang pag -login, upang ang mga proseso ng pag -login ay hindi makagambala sa iba pang mga proseso.
# default_internal_user = dovecot

service imap-login {
  inet_listener imap {
    # Port = 143
  }
  inet_listener imaps {
    # Port = 993
    # ssl = oo
  }

  # Bilang ng mga koneksyon upang hawakan bago simulan ang isang bagong proseso. Karaniwan
  # Ang tanging kapaki -pakinabang na mga halaga ay 0 (walang limitasyong) o 1. 1 ay mas ligtas, ngunit 0
  # ay mas mabilis. <doc/wiki/loginProcess.txt>
  # service_count = 1

  # Bilang ng mga proseso upang laging patuloy na maghintay para sa higit pang mga koneksyon.
  # Proseso_min_avail = 0

  # Kung nagtakda ka ng service_count = 0, marahil kailangan mong palaguin ito.
  # vsz_limit = $ default_vsz_limit
}

service pop3-login {
  inet_listener pop3 {
    # Port = 110
  }
  inet_listener pop3s {
    # Port = 995
    # ssl = oo
  }
}

service submission-login {
  inet_listener submission {
    # Port = 587
  }
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }

  # Lumikha lamang ng Inet na nakikinig kung hindi mo magagamit ang UNIX socket
  # inet_lister lmtp {
    # Iwasang makita ang LMTP para sa buong internet
    # address =
    # port =
  # Hunos
}

service imap {
  # Karamihan sa memorya ay napupunta sa mga file ng MMAP (). Maaaring kailanganin mong dagdagan ito
  # Limitahan kung mayroon kang malaking mga mailbox.
  # vsz_limit = $ default_vsz_limit

  # Max. Bilang ng Mga Proseso ng IMAP (Koneksyon)
  # Proseso_limit = 1024
}

service pop3 {
  # Max. Bilang ng mga proseso ng POP3 (koneksyon)
  # proseso_limit = 1024
}

service submission {
  # Max. Bilang ng mga proseso ng pagsusumite ng SMTP (koneksyon)
  # proseso_limit = 1024
}

service auth {
  # AUTH_SOCKET_PATH POINTS sa socket ng UserDB na ito nang default. Karaniwan ito
  # Ginamit ng Dovecot-LDA, Doveadm, posibleng proseso ng IMAP, atbp.
  # Ang buong pahintulot sa socket na ito ay makakakuha ng isang listahan ng lahat ng mga username at
  # Kunin ang mga resulta ng mga lookup ng userdb ng lahat.
  # 
  # Pinapayagan ng default na 0666 mode ang sinuman na kumonekta sa socket, ngunit ang
  # Ang mga lookup ng userdb ay magtagumpay lamang kung ang UserDB ay magbabalik ng isang "uid" na patlang na
  # tumutugma sa UID ng proseso ng tumatawag. Gayundin kung ang caller's uid o gid ay tumutugma sa
  # socket's uid o gid ang lookup magtagumpay. Anumang iba pa ay nagiging sanhi ng isang pagkabigo.
  # 
  # Upang mabigyan ng buong pahintulot ang tumatawag upang hanapin ang lahat ng mga gumagamit, itakda ang mode sa
  # may iba pa kaysa sa 0666 at pinapayagan ng dovecot ang kernel na ipatupad ang
  # Pinapayagan ng mga pahintulot (hal. 0777 ang lahat ng buong pahintulot).
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

service auth-worker {
  # Ang proseso ng manggagawa ng may -akda ay tatakbo bilang ugat bilang default, upang ma -access ito
  # /etc/anino. Kung hindi ito kinakailangan, dapat baguhin ang gumagamit
  # $ default_interal_user.
  # Gumagamit = ugat
}

service dict {
  # Kung ginagamit ang dict proxy, ang mga proseso ng mail ay dapat magkaroon ng access sa socket nito.
  # Halimbawa: mode = 0660, pangkat = vmail at pandaigdigang mail_access_groups = vmail
  unix_listener dict {
    # Mode = 0600
    # Gumagamit =
    # pangkat =
  }
}

nano config/etc_dovecot_dovecot

## File ng pagsasaayos ng OVECOT

# Kung nagmamadali ka, tingnan ang http://wiki2.dovecot.org/quickconfiguration

# Ang utos na "DoveConf -n" ay nagbibigay ng isang malinis na output ng mga nabago na setting. Gamitin ito
# Sa halip na kopyahin at pag -paste ng mga file kapag nag -post sa listahan ng mailing dovecot.

# '# 'Character at lahat ng bagay pagkatapos itong ituring bilang mga komento. Sobrang puwang
# At ang mga tab ay hindi pinansin. Kung nais mong gamitin ang alinman sa mga ito nang malinaw, ilagay ang
# value inside quotes, eg.: key = "# char at trailing whitespace "

# Karamihan (ngunit hindi lahat) mga setting ay maaaring ma -overridden ng iba't ibang mga protocol at/o
# Pinagmulan/patutunguhang IP sa pamamagitan ng paglalagay ng mga setting sa loob ng mga seksyon, halimbawa:
# Protocol IMAP {}, Lokal na 127.0.0.1 {}, Remote 10.0.0.0/8 {}

# Ang mga halaga ng default ay ipinapakita para sa bawat setting, hindi kinakailangan na hindi pangkomunikasyon
# yun. Ito ang mga pagbubukod sa ito bagaman: walang mga seksyon (hal. Namespace {})
# o mga setting ng plugin ay idinagdag bilang default, nakalista lamang sila bilang mga halimbawa.
# Ang mga landas ay mga halimbawa din na may tunay na mga default na batay sa pag -configure
# mga pagpipilian. Ang mga landas na nakalista dito ay para sa pag -configure --prefix =/usr
# --Sconfdir =/etc--localstatedir =/var

# Paganahin ang mga naka -install na protocol
!include_try /usr/share/dovecot/protocols.d/*.protocol

# Isang listahan ng comma na pinaghiwalay ng mga IP o host kung saan makikinig para sa mga koneksyon.
# "*" Nakikinig sa lahat ng mga interface ng IPv4, "::" nakikinig sa lahat ng mga interface ng IPv6.
# Kung nais mong tukuyin ang mga port na hindi default o anumang mas kumplikado,
# I -edit ang Conf.D/Master.conf.
# Makinig = *, ::

# Base Directory kung saan mag -iimbak ng data ng runtime.
# Base_dir =/var/run/dovecot/

# Pangalan ng pagkakataong ito. Sa multi-instance setup doveadm at iba pang mga utos
# maaaring gumamit -i <pstant_name> upang piliin kung aling halimbawa ang ginagamit (isang alternatibo
# TO -C <Config_Path>). Ang pangalan ng halimbawa ay idinagdag din sa mga proseso ng dovecot
# sa PS output.
# halimbawa_name = dovecot

# Pagbati ng mensahe para sa mga kliyente.
# login_greeting = Handa ng DoveCot.

# Listahan ng Hiwalay na Listahan ng Mga Pinagkakatiwalaang Mga Saklaw ng Network. Mga koneksyon mula sa mga ito
# Pinapayagan ang mga IP na i -override ang kanilang mga IP address at port (para sa pag -log at
# para sa mga tseke ng pagpapatunay). Huwag paganahin ang_plaintext_auth ay hindi rin pinansin
# Ang mga network na ito. Karaniwan mong tukuyin ang iyong mga server ng IMAP proxy dito.
# login_trusted_networks =

# Listahan ng Paghiwalay ng Space ng Mga Suriin ng Pag -access sa Pag -login (hal. TCPWRAP)
# login_access_sockets =

# Na may proxy_maybe = oo kung ang patutunguhang patutunguhan ay tumutugma sa alinman sa mga IP na ito, huwag gawin
# proxying. Hindi ito kinakailangan nang normal, ngunit maaaring maging kapaki -pakinabang kung ang patutunguhan
# Ang IP ay hal. Isang IP ng Load Balancer.
# auth_proxy_self =

# Magpakita ng higit pang mga pamagat ng proseso ng pandiwa (sa PS). Kasalukuyang nagpapakita ng pangalan ng gumagamit at
# IP address. Kapaki -pakinabang para makita kung sino ang aktwal na gumagamit ng mga proseso ng IMAP
# (hal. Ibinahaging mga mailbox o kung ang parehong UID ay ginagamit para sa maraming mga account).
# verbose_proctitle = no

# Dapat bang papatayin ang lahat ng mga proseso kapag ang proseso ng master ng dovecot ay bumagsak.
# Ang pagtatakda nito sa "hindi" ay nangangahulugang ang Dovecot ay maaaring ma -upgrade nang wala
# pagpilit sa umiiral na mga koneksyon sa kliyente upang isara (kahit na maaari din iyon
# Isang problema kung ang pag -upgrade ay hal. Dahil sa isang pag -aayos ng seguridad).
# shutdown_clients = oo

# Kung non-zero, patakbuhin ang mga utos ng mail sa pamamagitan ng maraming mga koneksyon sa doveadm server,
# sa halip na patakbuhin ang mga ito nang direkta sa parehong proseso.
# doveadm_worker_count = 0
# Unix Socket o Host: Port na ginamit para sa pagkonekta sa Doveadm Server
# doveadm_socket_path = doveadm-server

# Listahan ng Hiwalay na Space ng Mga variable ng Kapaligiran na Napapanatili sa Dovecot
# Startup at ipinasa sa lahat ng mga proseso ng bata nito. Maaari ka ring magbigay
# key = mga pares ng halaga upang palaging magtakda ng mga tukoy na setting.
# Import_environment = tz

## 
## Mga setting ng server ng diksyunaryo
## 

# Ang diksyunaryo ay maaaring magamit upang mag -imbak ng mga listahan ng key = halaga. Ginagamit ito ng maraming
# Plugins. Ang diksyunaryo ay maaaring ma -access nang direkta o kahit na a
# server ng diksyunaryo. Ang mga sumusunod na dict block ay mga pangalan ng diksyunaryo sa mga URI
# Kapag ginamit ang server. Maaari itong mai -refer gamit ang mga URI sa format
# "Proxy :: <name>".

dict {
  # quota = mysql: /andc/dovecot/dovecot-dic-sql.conf.ext
}

# Karamihan sa aktwal na pagsasaayos ay makakakuha ng kasama sa ibaba. Ang mga filenames ay
# Una na pinagsunod -sunod ng kanilang halaga ng ASCII at naka -parse sa pagkakasunud -sunod na iyon. Ang 00-prefix
# Sa mga filenames ay inilaan upang mas madaling maunawaan ang pag -order.
!include conf.d/*.conf

# Ang isang config file ay maaari ring subukan na isama nang hindi nagbibigay ng isang error kung
# Hindi ito natagpuan:
!include_try local.conf

passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd
}
userdb {
  driver = passwd
}

protocols = imap pop3

# Pinapayagan ang DoveCot na makinig sa lahat ng mga koneksyon sa pag -input (IPv4 / IPv6)

listen = *, ::

nano config/etc_dovecot_passwd

team:{plain}yourpassword

nano config/etc_opendkim.conf

# Ito ay isang pangunahing pagsasaayos para sa pag -sign at pag -verify. Madali itong maging
# Inangkop upang umangkop sa isang pangunahing pag -install. Tingnan ang Opendkim.conf (5) at
# /usr/share/doc/opendkim/examples/opendkim.conf.sample para kumpleto
# Dokumentasyon ng magagamit na mga parameter ng pagsasaayos.

Syslog			yes
SyslogSuccess		yes
# Logwhy no

# Karaniwang mga parameter ng pag -sign at pag -verify. Sa Debian, ang "mula" header ay
# oversigned, sapagkat madalas na ang key ng pagkakakilanlan na ginagamit ng mga sistema ng reputasyon
# at sa gayon medyo sensitibo sa seguridad.
Canonicalization	relaxed/simple
Mode			s
SubDomains		no
OversignHeaders		From

# Pag -sign domain, selector, at key (kinakailangan). Halimbawa, magsagawa ng pag -sign
# Para sa domain "halimbawa.com" kasama ang selector "2020" (2020._domainkey.example.com),
# Gamit ang pribadong key na nakaimbak sa /etc/dkimkeys/example.private. Mas butil
# Ang mga pagpipilian sa pag -setup ay matatagpuan sa /usr/share/doc/opendkim/readme.opendkim.
# Halimbawa ng Domain.com
# Selector 2020
# Keyfile /etc/dkimkeys/example.private

# Sa Debian, ang Opendkim ay tumatakbo bilang gumagamit na "Opendkim". Kinakailangan ang isang ugmask ng 007 kung kailan
# Gamit ang isang lokal na socket na may MTA na nag-access sa socket bilang isang hindi privile
# Gumagamit (halimbawa, Postfix). Maaaring kailanganin mong magdagdag ng "postfix" ng gumagamit sa pangkat
# "Opendkim" sa kasong iyon.
UserID			opendkim
UMask			007

# Socket para sa koneksyon sa MTA (kinakailangan). Kung ang MTA ay nasa loob ng isang kulungan ng chroot,
# Dapat tiyakin na maa -access ang socket. Sa Debian, ang Postfix ay tumatakbo
# Isang chroot in/var/spool/postfix, samakatuwid ang isang socket ng UNIX ay kailangang maging
# Na -configure tulad ng ipinapakita sa huling linya sa ibaba.
# Socket lokal: /run/opendkim/opendkim.sock
# Socket Inet: 8891@localhost
# Socket Inet: 8891
Socket			local:/var/spool/postfix/opendkim/opendkim.sock

PidFile			/run/opendkim/opendkim.pid

# Ang mga host kung saan mag -sign sa halip na i -verify, ang default ay 127.0.0.1. Tingnan ang
# Ang seksyon ng operasyon ng Opendkim (8) para sa karagdagang impormasyon.
# InternalHost 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12

# Ang tiwala na anchor ay nagbibigay -daan sa DNSSEC. Sa Debian, ibinigay ang file ng tiwala ng anchor
# sa pamamagitan ng package dns-root-data.
TrustAnchorFile		/usr/share/dns/root.key
# Nameservers 127.0.0.1

# Mga domain ng mapa mula sa mga address hanggang sa mga susi na ginamit upang mag -sign ng mga mensahe
KeyTable           refile:/etc/opendkim/key.table
SigningTable       refile:/etc/opendkim/signing.table

# Isang hanay ng mga panloob na host na ang mail ay dapat na pirmahan
InternalHosts       /etc/opendkim/trusted.hosts

nano config/etc_default_opendkim

# Tandaan: Ito ay isang file ng pagsasaayos ng legacy. Hindi ito ginagamit ng Opendkim
# SISTEMD SERVICE. Mangyaring gamitin ang kaukulang mga parameter ng pagsasaayos sa
# /etc/opendkim.conf sa halip.
# 
# Dati, i -edit ng isa ang mga default na setting dito, at pagkatapos ay isagawa
# /lib/opendkim/opendkim.service.genererate upang makabuo ng mga file na override ng systemd sa
# /etc/systemd/system/opendkim.service.d/override.conf at
# /etc/tmpfiles.d/opendkim.conf. Habang posible pa rin ito, ngayon na
# Inirerekumenda upang ayusin ang mga setting nang direkta sa /etc/opendkim.conf.
# 
# Daemon_opts = ""
# Baguhin sa/var/spool/postfix/run/opendkim upang magamit ang isang unix socket na may
# Postfix sa isang chroot:
# Rundir =/was/spool/postfix/run/opendkim
RUNDIR=/run/opendkim
# 
# Uncomment upang tukuyin ang isang kahaliling socket
# Tandaan na ang pagtatakda nito ay lalampas ang anumang halaga ng socket sa opendkim.conf
# Default:
SOCKET="local:/var/spool/postfix/opendkim/opendkim.sock"
# Makinig sa lahat ng mga interface sa port 54321:
# Socket = inet: 54321
# Makinig sa loopback sa port 12345:
# Socket = inet: 12345@localhost
# Makinig ay 192.0.2.1 ay port 12345:
# Socket = inet: 12345@192.0.2.1
USER=opendkim
GROUP=opendkim
PIDFILE=$RUNDIR/$NAME.pid
EXTRAAFTER=

touch scripts/postfixsetup
sudo chmod a+x scripts/postfixsetup
nano scripts/postfixsetup

# !
# Setup Postfix
cd $DIR
echo "Mail services configuration"
sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.backup
sudo cp config/etc_postfix_main.cf /etc/postfix/main.cf
sudo cp config/etc_postfix_master.cf /etc/postfix/master.cf
sudo cp config/etc_default_opendkim /etc/default/opendkim
sudo cp config/etc_dovecot_conf.d_10-auth.conf /etc/dovecot/conf.d/10-auth.conf
sudo cp config/etc_dovecot_conf.d_10-master.conf /etc/dovecot/conf.d/10-master.conf
sudo cp config/etc_dovecot_dovecot.conf /etc/dovecot/dovecot.conf
sudo cp config/etc_dovecot_passwd /etc/dovecot/passwd
sudo cp config/etc_opendkim.conf /etc/opendkim.conf
sudo cp config/etc_default_opendkim /etc/default/opendkim
sudo adduser postfix opendkim
sudo mkdir /etc/opendkim
sudo mkdir /etc/opendkim/keys
sudo mkdir /etc/opendkim/keys/femmebabe.com
sudo mkdir /var/spool/postfix/opendkim
sudo echo "*@femmebabe.com     sendonly._domainkey.femmebabe.com" | sudo tee -a /etc/opendkim/signing.table
sudo echo "sendonly._domainkey.femmebabe.com    femmebabe.com:sendonly:/etc/opendkim/keys/femmebabe.com/sendonly.private" | sudo tee -a /etc/opendkim/key.table
sudo echo "127.0.0.1" | sudo tee -a /etc/opendkim/trusted.hosts
sudo echo "localhost" | sudo tee -a /etc/opendkim/trusted.hosts
sudo echo "" | sudo tee -a /etc/opendkim/trusted.hosts
sudo echo "*.femmebabe.com" | sudo tee -a /etc/opendkim/trusted.hosts
sudo chown -R opendkim:opendkim /etc/opendkim
sudo opendkim-genkey -b 2048 -d femmebabe.com -D /etc/opendkim/keys/femmebabe.com -s sendonly -v
sudo chmod go-rw /etc/opendkim/keys
sudo chown opendkim:opendkim /etc/opendkim/keys/femmebabe.com/sendonly.private
sudo chown opendkim:postfix /var/spool/postfix/opendkim
cd $DIR
sudo cp mailbox/* /var/mail/
sudo chown :users /var/mail/*
sudo chmod -R a+rwx /var/mail/*
sudo systemctl restart opendkim postfix dovecot
sudo cat /etc/opendkim/keys/femmebabe.com/sendonly.txt | tr -d '\n' | sed 's/\s//g' | sed 's/""//g' | awk -F'[)(]' '{print $2}'

./scripts/postfixsetup

echo “test” | mail -s “Test Email” youremail@gmail.com

tail –lines 150 /var/log/mail.log

EMAIL_HOST = DOMAIN
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_ADDRESS = 'team@femmebabe.com'
EMAIL_HOST_USER = 'team' # 'Love@mamasheen.com'
EMAIL_HOST_PASSWORD = config['EMAIL_HOST_PASSWORD']
DEFAULT_FROM_EMAIL = '{} <{}>'.format(SITE_NAME, EMAIL_HOST_USER)

import os
import json

# Buksan at i -load ang config
with open('/etc/config.json') as config_file:
    config = json.load(config_file)

openssl rand -base64 64

sudo nano /etc/config.json

{
	"SECRET_KEY": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX-generated-using-openssl)",
	"EMAIL_HOST_PASSWORD": "yourpassword"
}

sudo backup

python manage.py shell
from django.contrib.auth.models import User
u = User.objects.get(username='Charlotte')
from users.email import send_welcome_email
send_welcome_email(u)
exit()

source venv/bin/activate